Diffstat (limited to 'pki/base/common/src/com/netscape/cms')
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java190
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java532
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/Crypt.java309
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/DNPattern.java66
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java238
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java122
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java183
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java72
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java131
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java220
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java95
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java21
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java33
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java44
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/AJobBase.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java198
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java297
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java70
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java178
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java105
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java95
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogEntry.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogFile.java493
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java144
-rw-r--r--pki/base/common/src/com/netscape/cms/notification/MailNotification.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/DefStore.java322
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java187
-rw-r--r--pki/base/common/src/com/netscape/cms/password/PasswordChecker.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/APolicyRule.java107
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java50
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java110
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java82
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java88
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java61
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java94
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java146
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java50
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java101
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java102
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java150
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java178
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java256
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java67
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java244
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java150
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java165
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java73
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java118
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java174
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java179
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java39
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java136
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java182
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java143
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java126
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java124
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java158
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java337
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java469
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java47
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java478
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java128
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java88
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java151
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java365
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java77
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java126
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java207
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java331
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java389
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java185
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java75
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java101
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java121
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java199
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java65
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java197
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java63
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java147
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java259
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java204
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java122
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java112
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java392
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java101
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java267
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java33
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java57
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java55
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java83
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java63
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java188
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java96
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java88
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java139
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java141
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java47
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java106
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java156
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java290
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java108
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java227
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java73
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java171
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java168
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java164
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/request/RequestScheduler.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java165
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java169
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java157
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java187
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java183
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java158
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java151
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java217
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java262
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java428
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java935
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java426
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java554
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java93
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java203
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java557
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java1331
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java103
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java501
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java825
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java288
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java465
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java257
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java154
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java377
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java302
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java268
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java260
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java663
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java102
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java480
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java133
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java74
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java580
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java113
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java383
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java75
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java287
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java196
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java269
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java3643
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java188
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java205
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java597
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java125
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/Utils.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java477
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java64
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java224
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java587
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java241
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java72
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java47
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java545
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java175
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java213
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java220
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java305
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java212
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java62
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java627
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java126
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java82
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java57
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java74
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java258
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java148
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java341
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java140
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java108
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java95
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java125
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java130
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java233
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java301
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java660
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java290
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java211
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java1018
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java110
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java606
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java70
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java1040
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java384
-rw-r--r--pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/shares/OldShare.java54
419 files changed, 27615 insertions, 28815 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index 4cfe9a45..e9b1fb3d 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -36,24 +35,25 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.authentication.ECompSyntaxErr;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
+ *
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -80,11 +80,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -109,15 +110,15 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
@@ -130,8 +131,8 @@ class AVAPattern {
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter =
+ new LdapV3DNStrConverter();
/* ldap attributes needed by this AVA (to retrieve from ldap) */
protected String[] mLdapAttrs = null;
@@ -140,7 +141,7 @@ class AVAPattern {
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
/* value - could be name of an ldap attribute or entry dn attribute. */
protected String mValue = null;
@@ -151,19 +152,19 @@ class AVAPattern {
protected String mTestDN = null;
public AVAPattern(String component)
- throws EAuthException {
- if (component == null || component.length() == 0)
+ throws EAuthException {
+ if (component == null || component.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws EAuthException {
+ public AVAPattern(PushbackReader in)
+ throws EAuthException {
parse(in);
}
private void parse(PushbackReader in)
- throws EAuthException {
+ throws EAuthException {
int c;
// mark ava beginning.
@@ -179,19 +180,19 @@ class AVAPattern {
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
//System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
+ if (in.read() != 'r' ||
+ in.read() != 'd' ||
+ in.read() != 'n' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -212,7 +213,7 @@ class AVAPattern {
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
+ if (rdnNumber.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
@@ -227,15 +228,15 @@ class AVAPattern {
// read name
//System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
//System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -243,11 +244,11 @@ class AVAPattern {
if (c != '=')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ //System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ //System.out.println("skip spaces for value");
try {
while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
;
@@ -255,7 +256,7 @@ class AVAPattern {
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
if (c == '$') {
@@ -266,16 +267,16 @@ class AVAPattern {
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $dn or $attr in ava pattern"));
if (c == 'a') {
try {
- if (in.read() != 't' ||
- in.read() != 't' ||
- in.read() != 'r' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (in.read() != 't' ||
+ in.read() != 't' ||
+ in.read() != 'r' ||
+ in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $attr in ava pattern"));
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -284,8 +285,8 @@ class AVAPattern {
//System.out.println("---- mtype $attr");
} else if (c == 'd') {
try {
- if (in.read() != 'n' ||
- in.read() != '.')
+ if (in.read() != 'n' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $dn in ava pattern"));
} catch (IOException e) {
@@ -294,21 +295,21 @@ class AVAPattern {
mType = TYPE_DN;
//System.out.println("----- mtype $dn");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $dn or $attr."));
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $dn or $attr."));
}
// get attr name of dn pattern from above.
String attrName = attrBuf.toString().trim();
//System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
+ if (attrName.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- try {
- ObjectIdentifier attrOid =
- mLdapDNStrConverter.parseAVAKeyword(attrName);
+ try {
+ ObjectIdentifier attrOid =
+ mLdapDNStrConverter.parseAVAKeyword(attrName);
- mAttr = mLdapDNStrConverter.encodeOID(attrOid);
+ mAttr = mLdapDNStrConverter.encodeOID(attrOid);
//System.out.println("----- mAttr "+mAttr);
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
@@ -318,8 +319,8 @@ class AVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
+ while ((c = in.read()) != ',' &&
+ c != -1 && c != '.' && c != '+') {
//System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
@@ -330,12 +331,12 @@ class AVAPattern {
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
+ if (mValue.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"$dn or $attr attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ //System.out.println("----- mValue "+mValue);
- // get nth dn or attribute from ldap search.
+ // get nth dn or attribute from ldap search.
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
@@ -345,13 +346,13 @@ class AVAPattern {
attrNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
+ if (attrNumber.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"nth element $dn or $attr expected"));
try {
@@ -372,7 +373,7 @@ class AVAPattern {
valueBuf.append((char) c);
try {
while ((c = in.read()) != ',' &&
- c != -1) {
+ c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
@@ -381,8 +382,8 @@ class AVAPattern {
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
//System.out.println("----- mValue "+mValue);
@@ -393,19 +394,19 @@ class AVAPattern {
}
public String formAVA(LDAPEntry entry)
- throws EAuthException {
- if (mType == TYPE_CONSTANT)
+ throws EAuthException {
+ if (mType == TYPE_CONSTANT)
return mValue;
if (mType == TYPE_RDN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
@@ -413,9 +414,9 @@ class AVAPattern {
if (mType == TYPE_DN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -426,14 +427,14 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue) &&
+ ++nFound == mElement) {
value = exploded[1];
break;
}
}
}
- if (value == null)
+ if (value == null)
return null;
return mAttr + "=" + value;
}
@@ -441,11 +442,11 @@ class AVAPattern {
if (mType == TYPE_ATTR) {
LDAPAttribute ldapAttr = entry.getAttribute(mValue);
- if (ldapAttr == null)
+ if (ldapAttr == null)
return null;
String value = null;
@SuppressWarnings("unchecked")
- Enumeration<String> ldapValues = ldapAttr.getStringValues();
+ Enumeration<String> ldapValues = ldapAttr.getStringValues();
for (int i = 0; ldapValues.hasMoreElements(); i++) {
String val = (String) ldapValues.nextElement();
@@ -455,7 +456,7 @@ class AVAPattern {
break;
}
}
- if (value == null)
+ if (value == null)
return null;
String v = escapeLdapString(value);
@@ -486,16 +487,16 @@ class AVAPattern {
int k = i + 1;
if (i == len - 1 ||
- (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
- c[k] == '>' || c[k] == '#' || c[k] == ';')) {
+ (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
+ c[k] == '>' || c[k] == '#' || c[k] == ';')) {
newc[j++] = '\\';
newc[j++] = c[i];
}
} // escape QUOTATION
else if (c[i] == '"') {
- if ((i == 0 && c[len - 1] != '"') ||
- (i == len - 1 && c[0] != '"') ||
- (i > 0 && i < len - 1)) {
+ if ((i == 0 && c[len - 1] != '"') ||
+ (i == len - 1 && c[0] != '"') ||
+ (i > 0 && i < len - 1)) {
newc[j++] = '\\';
newc[j++] = c[i];
}
@@ -513,20 +514,20 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
+ * Explode RDN into AVAs.
+ * Does not handle escaped '+'
* Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * If RDN is malformed returns empty array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector<String> avas = new Vector<String>();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -535,17 +536,16 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
+ * Explode AVA into name and value.
* Does not handle escaped '='
* If AVA is malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
}
}
-
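Review bot: `explodeAVA` returns `null` when the input has no `=`, while its Javadoc promises an empty array, and the caller in `formAVA` (hunk `@@ -426,14 +427,14 @@`) reads `exploded[0]` with no check. An RDN component without `=` in the entry DN would therefore end authentication with a NullPointerException rather than a handled error, assuming nothing upstream normalizes the DN. I would correct the comment to `* If AVA is malformed (no '=') null is returned.` and guard the caller with `if (exploded == null) continue;`.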
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
index 270d1fa2..65ef434a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -48,16 +47,15 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
-
/**
- * Certificate server agent authentication.
- * Maps a SSL client authenticate certificate to a user (agent) entry in the
- * internal database.
+ * Certificate server agent authentication.
+ * Maps a SSL client authenticate certificate to a user (agent) entry in the
+ * internal database.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class AgentCertAuthentication implements IAuthManager,
+public class AgentCertAuthentication implements IAuthManager,
IProfileAuthenticator {
/* result auth token attributes */
@@ -91,14 +89,14 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* initializes the CertUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -106,7 +104,7 @@ public class AgentCertAuthentication implements IAuthManager,
mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
mCULocator = mUGSub.getCertUserLocator();
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -120,7 +118,7 @@ public class AgentCertAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return true;
}
@@ -128,29 +126,29 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users (agents)
+ * called by other subsystems or their servlets to authenticate users (agents)
+ *
* @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
+ *
* @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("AgentCertAuthentication: start");
- CMS.debug("authenticator instance name is "+getName());
+ CMS.debug("authenticator instance name is " + getName());
// force SSL handshake
SessionContext context = SessionContext.getExistingContext();
ISSLClientCertProvider provider = (ISSLClientCertProvider)
- context.get("sslClientCertProvider");
+ context.get("sslClientCertProvider");
if (provider == null) {
CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found");
@@ -185,15 +183,15 @@ public class AgentCertAuthentication implements IAuthManager,
// check if certificate(s) is revoked
boolean checkRevocation = true;
try {
- checkRevocation = mConfig.getBoolean("checkRevocation", true);
+ checkRevocation = mConfig.getBoolean("checkRevocation", true);
} catch (EBaseException e) {
- // do nothing; default to true
+ // do nothing; default to true
}
if (checkRevocation) {
- if (CMS.isRevoked(ci)) {
- CMS.debug("AgentCertAuthentication: certificate revoked");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
+ if (CMS.isRevoked(ci)) {
+ CMS.debug("AgentCertAuthentication: certificate revoked");
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
}
// map cert to user
@@ -205,7 +203,7 @@ public class AgentCertAuthentication implements IAuthManager,
} catch (EUsrGrpException e) {
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} catch (netscape.ldap.LDAPException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
e.toString()));
}
@@ -219,16 +217,16 @@ public class AgentCertAuthentication implements IAuthManager,
IConfigStore sconfig = CMS.getConfigStore();
String groupname = "";
try {
- groupname = sconfig.getString("auths.instance."+ getName() +".agentGroup",
- "");
+ groupname = sconfig.getString("auths.instance." + getName() + ".agentGroup",
+ "");
} catch (EBaseException ee) {
}
if (!groupname.equals("")) {
- CMS.debug("check if "+user.getUserID()+" is in group "+groupname);
- IUGSubsystem uggroup = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ CMS.debug("check if " + user.getUserID() + " is in group " + groupname);
+ IUGSubsystem uggroup = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
if (!uggroup.isMemberOf(user, groupname)) {
- CMS.debug(user.getUserID()+" is not in this group "+groupname);
+ CMS.debug(user.getUserID() + " is not in this group " + groupname);
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
}
}
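Review bot: The empty `catch (EBaseException ee) { }` around the `agentGroup` lookup lets the group restriction fail open. When `sconfig.getString(...)` throws, `groupname` keeps its initial `""` and the `isMemberOf` check below is skipped, so any certificate that maps to a user is accepted. Since `getString` is already given `""` as its default, an exception here presumably signals a real configuration-store problem rather than an unset value. I would reject instead, e.g. `throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", ee.toString()));`, or at minimum log the failure. The enclosing `authenticate` method starts and ends outside this hunk.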
@@ -237,7 +235,7 @@ public class AgentCertAuthentication implements IAuthManager,
authToken.set(TOKEN_USERID, user.getUserID());
authToken.set(TOKEN_UID, user.getUserID());
authToken.set(TOKEN_GROUP, groupname);
- authToken.set(CRED_CERT, certs);
+ authToken.set(CRED_CERT, certs);
CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN());
@@ -246,10 +244,11 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
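Review bot: The reflowed Javadoc still says `@return attribute names in Vector`, but the method is declared `public String[] getRequiredCreds()`. `@return the required credential attribute names as a String array` would match the signature. The next hunk has the same mismatch: `getConfigParams()` returns `String[]` while its `@return` describes a Hashtable of Vectors. Both method bodies continue outside their hunks.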
@@ -258,14 +257,15 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. CertUserDBAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ *
* @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -279,7 +279,8 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* gets the configuretion substore used by this authentication
- * manager
+ * manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -289,7 +290,7 @@ public class AgentCertAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -326,6 +327,6 @@ public class AgentCertAuthentication implements IAuthManager,
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index fef68c1c..c699be92 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -20,7 +20,6 @@
package com.netscape.cms.authentication;
-
///////////////////////
// import statements //
///////////////////////
@@ -101,7 +100,7 @@ import com.netscape.cmsutil.util.Utils;
/**
* UID/CMC authentication plug-in
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
@@ -110,133 +109,126 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
////////////////////////
// default parameters //
////////////////////////
-
-
-
+
/////////////////////////////
// IAuthManager parameters //
/////////////////////////////
-
+
/* authentication plug-in configuration store */
private IConfigStore mConfig;
private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
- public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
+ public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
public static final String REASON_CODE = "reasonCode";
/* authentication plug-in name */
private String mImplName = null;
-
+
/* authentication plug-in instance name */
private String mName = null;
-
+
/* authentication plug-in fields */
-
-
-
+
/* Holds authentication plug-in fields accepted by this implementation.
* This list is passed to the configuration console so configuration
* for instances of this implementation can be configured through the
* console.
*/
protected static String[] mConfigParams =
- new String[] {};
-
+ new String[] {};
+
/* authentication plug-in values */
-
+
/* authentication plug-in properties */
-
-
+
/* required credentials to authenticate. UID and CMC are strings. */
public static final String CRED_CMC = "cmcRequest";
-
+
protected static String[] mRequiredCreds = {};
-
+
////////////////////////////////////
// IExtendedPluginInfo parameters //
////////////////////////////////////
-
+
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
//public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
//public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
-
-
+
/* actual help messages */
static {
mExtendedPluginInfo = new Vector();
-
+
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
+ ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authentication");
+ ";configuration-authentication");
}
-
+
///////////////////////
// Logger parameters //
///////////////////////
-
+
/* the system's logger */
private ILogger mLogger = CMS.getLogger();
-
+
/* signed audit parameters */
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
- "enrollment";
+ "enrollment";
private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
- "revocation";
- private final static String
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
- "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
+ "revocation";
+ private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
+ "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
/////////////////////
// default methods //
/////////////////////
-
+
/**
* Default constructor, initialization must follow.
*/
public CMCAuth() {
}
-
+
//////////////////////////
// IAuthManager methods //
//////////////////////////
-
+
/**
* Initializes the CMCAuth authentication plug-in.
* <p>
+ *
* @param name The name for this authentication plug-in instance.
* @param implName The name of the authentication plug-in.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
-
+
log(ILogger.LL_INFO, "Initialization complete!");
}
-
+
/**
* Authenticates user by their CMC;
* resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY
- * used when CMC (agent-pre-signed) cert requests or revocation requests
- * are submitted and signature is verified
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified
* </ul>
+ *
* @param authCred Authentication credentials, CRED_UID and CRED_CMC.
* @return an AuthToken
* @exception com.netscape.certsrv.authentication.EMissingCredential
- * If a required authentication credential is missing.
+ * If a required authentication credential is missing.
* @exception com.netscape.certsrv.authentication.EInvalidCredentials
- * If credentials failed authentication.
+ * If credentials failed authentication.
* @exception com.netscape.certsrv.base.EBaseException
- * If an internal error occurred.
+ * If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
*/
public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException {
@@ -245,13 +237,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
String auditReqType = ILogger.UNIDENTIFIED;
String auditCertSubject = ILogger.UNIDENTIFIED;
String auditSignerInfo = ILogger.UNIDENTIFIED;
-
+
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
// get the CMC.
- Object argblock = (Object)(authCred.getArgBlock());
+ Object argblock = (Object) (authCred.getArgBlock());
Object returnVal = null;
if (argblock == null) {
returnVal = authCred.get("cert_request");
@@ -266,140 +258,139 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
if (cmc == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_CMC));
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
}
if (cmc.equals("")) {
log(ILogger.LL_FAILURE,
- "cmc : attempted login with empty CMC.");
+ "cmc : attempted login with empty CMC.");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
throw new EInvalidCredentials(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
// authenticate by checking CMC.
-
+
// everything OK.
// now formulate the certificate info.
// set the subject name at a minimum.
// set anything else like version, extensions, etc.
// if nothing except subject name is set the rest of
// cert info will be filled in by policies and CA defaults.
-
+
AuthToken authToken = new AuthToken(this);
-
+
try {
String asciiBASE64Blob;
-
+
int startIndex = cmc.indexOf(HEADER);
int endIndex = cmc.indexOf(TRAILER);
- if (startIndex!= -1 && endIndex!=-1) {
+ if (startIndex != -1 && endIndex != -1) {
startIndex = startIndex + HEADER.length();
- asciiBASE64Blob=cmc.substring(startIndex, endIndex);
- }else
+ asciiBASE64Blob = cmc.substring(startIndex, endIndex);
+ } else
asciiBASE64Blob = cmc;
-
byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob);
- ByteArrayInputStream cmcBlobIn= new
+ ByteArrayInputStream cmcBlobIn = new
ByteArrayInputStream(cmcBlob);
-
+
org.mozilla.jss.pkix.cms.ContentInfo cmcReq =
- (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
- cmcBlobIn);
+ (org.mozilla.jss.pkix.cms.ContentInfo)
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
+ cmcBlobIn);
- if(!cmcReq.getContentType().equals(
- org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
- !cmcReq.hasContent()) {
+ if (!cmcReq.getContentType().equals(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
+ !cmcReq.hasContent()) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT);
throw new EBaseException("NO_CMC_CONTENT");
}
-
+
SignedData cmcFullReq = (SignedData)
cmcReq.getInterpretedContent();
-
+
IConfigStore cmc_config = CMS.getConfigStore();
boolean checkSignerInfo =
- cmc_config.getBoolean("cmc.signerInfo.verify", true);
+ cmc_config.getBoolean("cmc.signerInfo.verify", true);
String userid = "defUser";
String uid = "defUser";
if (checkSignerInfo) {
- IAuthToken agentToken = verifySignerInfo(authToken,cmcFullReq);
+ IAuthToken agentToken = verifySignerInfo(authToken, cmcFullReq);
userid = agentToken.getInString("userid");
uid = agentToken.getInString("cn");
} else {
CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed");
}
// reset value of auditSignerInfo
- if( uid != null ) {
+ if (uid != null) {
auditSignerInfo = uid.trim();
}
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-
+
OBJECT_IDENTIFIER id = ci.getContentType();
if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) ||
- !ci.hasContent()) {
+ !ci.hasContent()) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// throw new ECMSGWException(
// CMSGWResources.NO_PKIDATA);
throw new EBaseException("NO_PKIDATA");
}
-
+
OCTET_STRING content = ci.getContent();
-
+
ByteArrayInputStream s = new
- ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream(content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
+
SEQUENCE reqSequence = pkiData.getReqSequence();
-
+
int numReqs = reqSequence.size();
if (numReqs == 0) {
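Review bot: When `cmc.signerInfo.verify` is set to false, the `else` branch next to `verifySignerInfo(authToken, cmcFullReq)` accepts the request with `userid` and `uid` left at `"defUser"` and records the fact only through `CMS.debug`. The signed audit SUCCESS record written later in `authenticate()` then carries `defUser` as the signer, so a reader of the audit log cannot tell a verified agent signature from a skipped check. I would report the bypass through the system log as well, for example `log(ILogger.LL_SECURITY, "cmc : signerInfo verification is disabled by cmc.signerInfo.verify");`, and add a comment that this setting turns off the agent-signature requirement. `authenticate()` starts before this hunk and continues after it.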
@@ -414,11 +405,11 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
if (controlSize > 0) {
for (int i = 0; i < controlSize; i++) {
TaggedAttribute taggedAttribute =
- (TaggedAttribute) controlSequence.elementAt(i);
+ (TaggedAttribute) controlSequence.elementAt(i);
OBJECT_IDENTIFIER type = taggedAttribute.getType();
- if( type.equals(
- OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
+ if (type.equals(
+ OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
// if( i ==1 ) {
// taggedAttribute.getType() ==
// OBJECT_IDENTIFIER.id_cmc_revokeRequest
@@ -431,19 +422,17 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
bigIntArray = new BigInteger[numVals];
for (int j = 0; j < numVals; j++) {
// serialNumber INTEGER
-
+
// SEQUENCE RevRequest = (SEQUENCE)
// values.elementAt(j);
byte[] encoded = ASN1Util.encode(
- values.elementAt(j));
- org.mozilla.jss.asn1.ASN1Template
- template = new
- org.mozilla.jss.pkix.cmmf.RevRequest.Template();
- org.mozilla.jss.pkix.cmmf.RevRequest
- revRequest =
- (org.mozilla.jss.pkix.cmmf.RevRequest)
- ASN1Util.decode(template, encoded);
-
+ values.elementAt(j));
+ org.mozilla.jss.asn1.ASN1Template template = new
+ org.mozilla.jss.pkix.cmmf.RevRequest.Template();
+ org.mozilla.jss.pkix.cmmf.RevRequest revRequest =
+ (org.mozilla.jss.pkix.cmmf.RevRequest)
+ ASN1Util.decode(template, encoded);
+
// SEQUENCE RevRequest = (SEQUENCE)
// ASN1Util.decode(
// SEQUENCE.getTemplate(),
@@ -460,20 +449,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
INTEGER temp = revRequest.getSerialNumber();
int temp2 = temp.intValue();
-
+
bigIntArray[j] = temp;
- authToken.set(TOKEN_CERT_SERIAL,bigIntArray);
-
+ authToken.set(TOKEN_CERT_SERIAL, bigIntArray);
+
long reasonCode = revRequest.getReason().getValue();
- Integer IntObject = Integer.valueOf((int)reasonCode);
- authToken.set(REASON_CODE,IntObject);
-
- authToken.set("uid",uid);
- authToken.set("userid",userid);
+ Integer IntObject = Integer.valueOf((int) reasonCode);
+ authToken.set(REASON_CODE, IntObject);
+
+ authToken.set("uid", uid);
+ authToken.set("userid", userid);
}
}
}
-
+
}
} else {
// enrollment request
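Review bot: The revocation reason is narrowed with `Integer.valueOf((int) reasonCode)` without a range check, so a `long` taken from the request that does not fit in an `int` is silently wrapped before it is stored under `REASON_CODE`. A guard before the cast, such as `if (reasonCode < 0 || reasonCode > Integer.MAX_VALUE) throw new EBaseException("INVALID_REASON_CODE");`, would reject it; whether the value is later checked against the defined reason codes is not visible here. `int temp2 = temp.intValue();` is unused and can be dropped. The enclosing loops start outside the hunk.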
@@ -487,33 +476,33 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
for (int i = 0; i < numReqs; i++) {
// decode message.
TaggedRequest taggedRequest =
- (TaggedRequest) reqSequence.elementAt(i);
+ (TaggedRequest) reqSequence.elementAt(i);
TaggedRequest.Type type = taggedRequest.getType();
if (type.equals(TaggedRequest.PKCS10)) {
CMS.debug("CMCAuth: in PKCS10");
TaggedCertificationRequest tcr =
- taggedRequest.getTcr();
+ taggedRequest.getTcr();
int p10Id = tcr.getBodyPartID().intValue();
reqIdArray[i] = String.valueOf(p10Id);
CertificationRequest p10 =
- tcr.getCertificationRequest();
+ tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
p10.encode(ostream);
try {
PKCS10 pkcs10 =
- new PKCS10(ostream.toByteArray());
+ new PKCS10(ostream.toByteArray());
// xxx do we need to do anything else?
X509CertInfo certInfo =
- CMS.getDefaultX509CertInfo();
+ CMS.getDefaultX509CertInfo();
// fillPKCS10(certInfo,pkcs10,authToken,null);
@@ -523,12 +512,12 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
X500Name tempName = pkcs10.getSubjectName();
// reset value of auditCertSubject
- if( tempName != null ) {
+ if (tempName != null) {
auditCertSubject =
- tempName.toString().trim();
- if( auditCertSubject.equals( "" ) ) {
+ tempName.toString().trim();
+ if (auditCertSubject.equals("")) {
auditCertSubject =
- ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
tempName.toString());
@@ -541,19 +530,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
//throw new ECMSGWException(
//CMSGWResources.ERROR_PKCS101, e.toString());
- e.printStackTrace();
+ e.printStackTrace();
throw new EBaseException(e.toString());
}
} else if (type.equals(TaggedRequest.CRMF)) {
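Review bot: The PKCS#10 `catch (Exception e)` block calls `e.printStackTrace()`, which writes the trace to standard error instead of the server's own logs, and then copies `e.toString()` into the `EBaseException` message. I would replace the first call with `CMS.debug("CMCAuth: " + e.toString());`, as `verifySignerInfo` already does. I would also throw a fixed message, so that parser detail is not carried in an exception that may reach the requester; how the message is surfaced is not visible here. The `try` this block belongs to starts in an earlier hunk.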
@@ -561,7 +550,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
CMS.debug("CMCAuth: in CRMF");
try {
CertReqMsg crm =
- taggedRequest.getCrm();
+ taggedRequest.getCrm();
CertRequest certReq = crm.getCertReq();
INTEGER reqID = certReq.getCertReqId();
reqIdArray[i] = reqID.toString();
@@ -570,16 +559,16 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// xxx do we need to do anything else?
X509CertInfo certInfo =
- CMS.getDefaultX509CertInfo();
+ CMS.getDefaultX509CertInfo();
// reset value of auditCertSubject
- if( name != null ) {
+ if (name != null) {
String ss = name.getRFC1485();
auditCertSubject = ss;
- if( auditCertSubject.equals( "" ) ) {
+ if (auditCertSubject.equals("")) {
auditCertSubject =
- ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss);
@@ -590,14 +579,14 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
//throw new ECMSGWException(
//CMSGWResources.ERROR_PKCS101, e.toString());
@@ -615,134 +604,138 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
//Debug.printStackTrace(e);
throw new EInvalidCredentials(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
return authToken;
- } catch( EMissingCredential eAudit1 ) {
+ } catch (EMissingCredential eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
- } catch( EInvalidCredentials eAudit2 ) {
+ } catch (EInvalidCredentials eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- } catch( EBaseException eAudit3 ) {
+ } catch (EBaseException eAudit3) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit3;
}
}
-
+
/**
* Returns a list of configuration parameter names.
* The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
* <p>
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
-
+
/**
* gets the configuration substore used by this authentication
- * plug-in
+ * plug-in
* <p>
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
return mConfig;
}
-
+
/**
* gets the plug-in name of this authentication plug-in.
*/
public String getImplName() {
return mImplName;
}
-
+
/**
* gets the name of this authentication plug-in instance
*/
public String getName() {
return mName;
}
-
+
/**
* get the list of required credentials.
* <p>
+ *
* @return list of required credentials as strings.
*/
public String[] getRequiredCreds() {
return (mRequiredCreds);
}
-
+
/**
* prepares for shutdown.
*/
public void shutdown() {
}
-
+
/////////////////////////////////
// IExtendedPluginInfo methods //
/////////////////////////////////
-
+
/**
* Activate the help system.
* <p>
+ *
* @return help messages
*/
public String[] getExtendedPluginInfo() {
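Review bot: One failed request can be written to the signed audit log several times. The `catch (Exception e)` at the top of this hunk audits FAILURE and throws `EInvalidCredentials`, and the `catch (EInvalidCredentials eAudit2)` block further down audits the same event again before rethrowing; the earlier hunks that call `audit(auditMessage)` and then throw `EMissingCredential` or `EBaseException` appear to have the same effect. Duplicate records inflate the failure count for anyone alerting on `LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY`. I would audit in one place only, keeping the three outer catch blocks and dropping the `audit(auditMessage)` calls on the inner paths, or add a comment saying the repetition is intended. `authenticate()` begins before this hunk.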
@@ -755,14 +748,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
}
return s;
}
-
+
////////////////////
// Logger methods //
////////////////////
-
+
/**
* Logs a message for this class in the system log file.
* <p>
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -771,19 +765,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, "CMC Authentication: " + msg);
+ level, "CMC Authentication: " + msg);
}
-
- protected IAuthToken verifySignerInfo(AuthToken authToken,SignedData cmcFullReq) throws EInvalidCredentials {
-
+
+ protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials {
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
OCTET_STRING content = ci.getContent();
-
+
try {
ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
+
SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
int numDig = dais.size();
Hashtable digs = new Hashtable();
@@ -792,24 +786,24 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
//object in the signedData object.
for (int i = 0; i < numDig; i++) {
AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
+ (AlgorithmIdentifier) dais.elementAt(i);
String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
-
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
+
MessageDigest md =
- MessageDigest.getInstance(name);
-
+ MessageDigest.getInstance(name);
+
byte[] digest = md.digest(content.toByteArray());
digs.put(name, digest);
}
-
+
SET sis = cmcFullReq.getSignerInfos();
int numSis = sis.size();
-
+
for (int i = 0; i < numSis; i++) {
org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-
+
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -819,7 +813,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
pkiData.encode((OutputStream) ostream);
digest = md.digest(ostream.toByteArray());
-
+
}
// signed by previously certified signature key
SignerIdentifier sid = si.getSignerIdentifier();
@@ -833,30 +827,29 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
SET certs = cmcFullReq.getCertificates();
int numCerts = certs.size();
java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1];
- byte[] certByteArray = new byte[0];
- for (int j = 0; j < numCerts; j++) {
+ byte[] certByteArray = new byte[0];
+ for (int j = 0; j < numCerts; j++) {
Certificate certJss = (Certificate) certs.elementAt(j);
CertificateInfo certI = certJss.getInfo();
Name issuer = certI.getIssuer();
-
+
byte[] issuerB = ASN1Util.encode(issuer);
- INTEGER sn = certI.getSerialNumber();
+ INTEGER sn = certI.getSerialNumber();
// if this cert is the signer cert, not a cert in the chain
if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString()) )
- {
+ && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
certJss.encode(os);
- certByteArray = os.toByteArray();
-
+ certByteArray = os.toByteArray();
+
X509CertImpl tempcert = new X509CertImpl(os.toByteArray());
cert = tempcert;
x509Certs[0] = cert;
- // xxx validate the cert length
-
+ // xxx validate the cert length
+
}
}
CMS.debug("CMCAuth: start checking signature");
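Review bot: The signer certificate is matched by decoding DER bytes as text: `new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))` uses the platform default charset, which substitutes byte sequences it cannot decode. Two different issuer encodings can therefore compare equal, and the result can differ between hosts. Compare the encodings directly with `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. The `// xxx validate the cert length` marker in the same block is also still open. The loop over signer infos that contains this code starts outside the hunk.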
@@ -880,38 +873,38 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
si.verify(digest, id, pubK);
}
CMS.debug("CMCAuth: finished checking signature");
- // verify signer's certificate using the revocator
- CryptoManager cm = CryptoManager.getInstance();
- if( ! cm.isCertValid( certByteArray, true,CryptoManager.CertUsage.SSLClient) )
+ // verify signer's certificate using the revocator
+ CryptoManager cm = CryptoManager.getInstance();
+ if (!cm.isCertValid(certByteArray, true, CryptoManager.CertUsage.SSLClient))
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- // authenticate signer's certificate using the userdb
+ // authenticate signer's certificate using the userdb
IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-
+
IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID);
- IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
-
+ IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
+
agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs);
-
+
IAuthToken tempToken = agentAuth.authenticate(agentCred);
netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid");
-
- BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
- authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,agentCertSerial.toString());
- tempToken.set("cn",CN);
+
+ BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
+ authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString());
+ tempToken.set("cn", CN);
return tempToken;
-
+
}
// find from internaldb if it's ca. (ra does not have that.)
// find from internaldb usrgrp info
-
+
// find from certDB
- si.verify(digest, id);
-
+ si.verify(digest, id);
+
} //
}
- }catch (InvalidBERException e) {
+ } catch (InvalidBERException e) {
CMS.debug("CMCAuth: " + e.toString());
} catch (IOException e) {
CMS.debug("CMCAuth: " + e.toString());
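Review bot: The `InvalidBERException` and `IOException` handlers only call `CMS.debug` and fall through to `return (IAuthToken) null;` in the next hunk, while the caller in `authenticate()` dereferences the result (`agentToken.getInString("userid")`) without a null check. Rejection of such a request therefore depends on a `NullPointerException` being caught by the generic `catch (Exception e)` in the caller. I would fail explicitly in both handlers with `throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));`, as the certificate-validity check in this hunk does, and end the method with the same throw instead of returning null. The `try` these handlers close starts in an earlier hunk, and a further catch clause lies between this hunk and the next.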
@@ -919,7 +912,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
return (IAuthToken) null;
-
+
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -929,22 +922,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
* Retrieves the localizable name of this policy.
*/
- public String getName(Locale locale)
- {
+ public String getName(Locale locale) {
return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
- public String getText(Locale locale)
- {
+ public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT");
}
@@ -968,13 +959,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(CRED_CMC)) {
return new Descriptor(IDescriptor.STRING_LIST, null, null,
- "CMC request");
+ "CMC request");
}
return null;
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(AuthToken.TOKEN_CERT_SUBJECT));
}
@@ -985,10 +976,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1000,19 +991,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1042,4 +1033,3 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
index 95012039..e6dd7087 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
@@ -17,149 +17,148 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
public class Crypt {
// Static data:
static byte[]
- IP = // Initial permutation
- {
- 58, 50, 42, 34, 26, 18, 10, 2,
- 60, 52, 44, 36, 28, 20, 12, 4,
- 62, 54, 46, 38, 30, 22, 14, 6,
- 64, 56, 48, 40, 32, 24, 16, 8,
- 57, 49, 41, 33, 25, 17, 9, 1,
- 59, 51, 43, 35, 27, 19, 11, 3,
- 61, 53, 45, 37, 29, 21, 13, 5,
- 63, 55, 47, 39, 31, 23, 15, 7
+ IP = // Initial permutation
+ {
+ 58, 50, 42, 34, 26, 18, 10, 2,
+ 60, 52, 44, 36, 28, 20, 12, 4,
+ 62, 54, 46, 38, 30, 22, 14, 6,
+ 64, 56, 48, 40, 32, 24, 16, 8,
+ 57, 49, 41, 33, 25, 17, 9, 1,
+ 59, 51, 43, 35, 27, 19, 11, 3,
+ 61, 53, 45, 37, 29, 21, 13, 5,
+ 63, 55, 47, 39, 31, 23, 15, 7
},
- FP = // Final permutation, FP = IP^(-1)
- {
- 40, 8, 48, 16, 56, 24, 64, 32,
- 39, 7, 47, 15, 55, 23, 63, 31,
- 38, 6, 46, 14, 54, 22, 62, 30,
- 37, 5, 45, 13, 53, 21, 61, 29,
- 36, 4, 44, 12, 52, 20, 60, 28,
- 35, 3, 43, 11, 51, 19, 59, 27,
- 34, 2, 42, 10, 50, 18, 58, 26,
- 33, 1, 41, 9, 49, 17, 57, 25
+ FP = // Final permutation, FP = IP^(-1)
+ {
+ 40, 8, 48, 16, 56, 24, 64, 32,
+ 39, 7, 47, 15, 55, 23, 63, 31,
+ 38, 6, 46, 14, 54, 22, 62, 30,
+ 37, 5, 45, 13, 53, 21, 61, 29,
+ 36, 4, 44, 12, 52, 20, 60, 28,
+ 35, 3, 43, 11, 51, 19, 59, 27,
+ 34, 2, 42, 10, 50, 18, 58, 26,
+ 33, 1, 41, 9, 49, 17, 57, 25
},
- // Permuted-choice 1 from the key bits to yield C and D.
- // Note that bits 8,16... are left out:
- // They are intended for a parity check.
- PC1_C =
+ // Permuted-choice 1 from the key bits to yield C and D.
+ // Note that bits 8,16... are left out:
+ // They are intended for a parity check.
+ PC1_C =
{
- 57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36
+ 57, 49, 41, 33, 25, 17, 9,
+ 1, 58, 50, 42, 34, 26, 18,
+ 10, 2, 59, 51, 43, 35, 27,
+ 19, 11, 3, 60, 52, 44, 36
},
- PC1_D =
+ PC1_D =
{
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4
+ 63, 55, 47, 39, 31, 23, 15,
+ 7, 62, 54, 46, 38, 30, 22,
+ 14, 6, 61, 53, 45, 37, 29,
+ 21, 13, 5, 28, 20, 12, 4
},
- shifts = // Sequence of shifts used for the key schedule.
- {
- 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+ shifts = // Sequence of shifts used for the key schedule.
+ {
+ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
},
- // Permuted-choice 2, to pick out the bits from
- // the CD array that generate the key schedule.
- PC2_C =
+ // Permuted-choice 2, to pick out the bits from
+ // the CD array that generate the key schedule.
+ PC2_C =
{
- 14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2
+ 14, 17, 11, 24, 1, 5,
+ 3, 28, 15, 6, 21, 10,
+ 23, 19, 12, 4, 26, 8,
+ 16, 7, 27, 20, 13, 2
},
- PC2_D =
+ PC2_D =
{
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32
+ 41, 52, 31, 37, 47, 55,
+ 30, 40, 51, 45, 33, 48,
+ 44, 49, 39, 56, 34, 53,
+ 46, 42, 50, 36, 29, 32
},
- e2 = // The E-bit selection table. (see E below)
- {
- 32, 1, 2, 3, 4, 5,
- 4, 5, 6, 7, 8, 9,
- 8, 9, 10, 11, 12, 13,
- 12, 13, 14, 15, 16, 17,
- 16, 17, 18, 19, 20, 21,
- 20, 21, 22, 23, 24, 25,
- 24, 25, 26, 27, 28, 29,
- 28, 29, 30, 31, 32, 1
+ e2 = // The E-bit selection table. (see E below)
+ {
+ 32, 1, 2, 3, 4, 5,
+ 4, 5, 6, 7, 8, 9,
+ 8, 9, 10, 11, 12, 13,
+ 12, 13, 14, 15, 16, 17,
+ 16, 17, 18, 19, 20, 21,
+ 20, 21, 22, 23, 24, 25,
+ 24, 25, 26, 27, 28, 29,
+ 28, 29, 30, 31, 32, 1
},
- // P is a permutation on the selected combination of
- // the current L and key.
- P =
+ // P is a permutation on the selected combination of
+ // the current L and key.
+ P =
{
- 16, 7, 20, 21,
- 29, 12, 28, 17,
- 1, 15, 23, 26,
- 5, 18, 31, 10,
- 2, 8, 24, 14,
- 32, 27, 3, 9,
- 19, 13, 30, 6,
- 22, 11, 4, 25
+ 16, 7, 20, 21,
+ 29, 12, 28, 17,
+ 1, 15, 23, 26,
+ 5, 18, 31, 10,
+ 2, 8, 24, 14,
+ 32, 27, 3, 9,
+ 19, 13, 30, 6,
+ 22, 11, 4, 25
};
// The 8 selection functions. For some reason, they gave a 0-origin
// index, unlike everything else.
static byte[][] S =
{
- {
- 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
- 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
- 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
- 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
- }, {
- 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
- 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
- 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
- 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
- }, {
- 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
- 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
- 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
- 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
- }, {
- 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
- 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
- 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
- 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
- }, {
- 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
- 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
- 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
- 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
- }, {
- 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
- 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
- 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
- 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
- }, {
- 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
- 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
- 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
- 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
- }, {
- 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
- 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
- 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
- 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
- }
+ {
+ 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
+ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
+ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
+ 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
+ }, {
+ 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
+ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
+ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
+ 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
+ }, {
+ 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
+ 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
+ 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
+ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
+ }, {
+ 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
+ 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
+ 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
+ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
+ }, {
+ 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
+ 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
+ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
+ 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
+ }, {
+ 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
+ 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
+ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
+ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
+ }, {
+ 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
+ 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
+ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
+ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
+ }, {
+ 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
+ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
+ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
+ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
+ }
};
// Dynamic data:
- byte[] C = new byte[28], // The C and D arrays used to
- D = new byte[28], // calculate the key schedule.
- E = new byte[48], // The E bit-selection table.
- L = new byte[32], // The current block,
- R = new byte[32], // divided into two halves.
- tempL = new byte[32],
- f = new byte[32],
- preS = new byte[48]; // The combination of the key and
+ byte[] C = new byte[28], // The C and D arrays used to
+ D = new byte[28], // calculate the key schedule.
+ E = new byte[48], // The E bit-selection table.
+ L = new byte[32], // The current block,
+ R = new byte[32], // divided into two halves.
+ tempL = new byte[32],
+ f = new byte[32],
+ preS = new byte[48]; // The combination of the key and
// the input, before selection.
// The key schedule. Generated from the key.
byte[][] KS = new byte[16][48];
@@ -169,7 +168,7 @@ public class Crypt {
// Public methods:
/**
- * Create Crypt object with no passwd or salt set. Must use setPasswd()
+ * Create Crypt object with no passwd or salt set. Must use setPasswd()
* and setSalt() before getEncryptedPasswd().
*/
public Crypt() {
@@ -177,9 +176,9 @@ public class Crypt {
}
/**
- * Create a Crypt object with specified salt. Use setPasswd() before
+ * Create a Crypt object with specified salt. Use setPasswd() before
* getEncryptedPasswd().
- *
+ *
* @param salt the salt string for encryption
*/
public Crypt(String salt) {
@@ -190,9 +189,9 @@ public class Crypt {
/**
* Create a Crypt object with specified passwd and salt (often the
- * already encypted passwd). Get the encrypted result with
+ * already encypted passwd). Get the encrypted result with
* getEncryptedPasswd().
- *
+ *
* @param passwd the passwd to encrypt
* @param salt the salt string for encryption
*/
@@ -204,7 +203,7 @@ public class Crypt {
/**
* Retrieve the passwd string currently being encrypted.
- *
+ *
* @return the current passwd string
*/
public String getPasswd() {
@@ -213,7 +212,7 @@ public class Crypt {
/**
* Retrieve the salt string currently being used for encryption.
- *
+ *
* @return the current salt string
*/
public String getSalt() {
@@ -223,7 +222,7 @@ public class Crypt {
/**
* Retrieve the resulting encrypted string from the current passwd and
* salt settings.
- *
+ *
* @return the encrypted passwd
*/
public String getEncryptedPasswd() {
@@ -231,9 +230,9 @@ public class Crypt {
}
/**
- * Set a new passwd string for encryption. Use getEncryptedPasswd() to
+ * Set a new passwd string for encryption. Use getEncryptedPasswd() to
* retrieve the new result.
- *
+ *
* @param passwd the new passwd string
*/
public void setPasswd(String passwd) {
@@ -242,9 +241,9 @@ public class Crypt {
}
/**
- * Set a new salt string for encryption. Use getEncryptedPasswd() to
+ * Set a new salt string for encryption. Use getEncryptedPasswd() to
* retrieve the new result.
- *
+ *
* @param salt the new salt string
*/
public void setSalt(String salt) {
@@ -254,14 +253,12 @@ public class Crypt {
// Internal crypt methods:
String crypt() {
- if (Salt.length() == 0) return "";
+ if (Salt.length() == 0)
+ return "";
int i, j, pwi;
byte c, temp;
- byte[] block = new byte[66],
- iobuf = new byte[16],
- salt = new byte[2],
- pw = Passwd.getBytes(), //jdk1.1
- saltbytes = Salt.getBytes(); //jdk1.1
+ byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd.getBytes(), //jdk1.1
+ saltbytes = Salt.getBytes(); //jdk1.1
// pw = new byte[Passwd.length()], //jdk1.0.2
// saltbytes = new byte[Salt.length()]; //jdk1.0.2
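Review bot: `Passwd.getBytes()` and `Salt.getBytes()` in the joined declaration use the platform default charset, so a password containing non-ASCII characters can hash differently on hosts with different default encodings. Passing an explicit charset to both calls, and to `new String(iobuf)` in the hunk at -320,11, would pin the result; the choice needs checking against hashes already stored. The permutation tables and the `salt = new byte[2]` buffer indicate this is the DES-based crypt() with a two-character salt, which is weak against offline guessing. A comment on `crypt()` such as `// Legacy DES crypt(3); keep only for verifying existing hashes` would record that, if that is indeed its only use. crypt() starts in this hunk but its body continues outside it.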
@@ -288,8 +285,10 @@ public class Crypt {
for (i = 0; i < 2; i++) {
c = salt[i];
iobuf[i] = c;
- if (c > 'Z') c -= 6;
- if (c > '9') c -= 7;
+ if (c > 'Z')
+ c -= 6;
+ if (c > '9')
+ c -= 7;
c -= '.';
for (j = 0; j < 6; j++) {
if (((c >> j) & 1) != 0) {
@@ -311,8 +310,10 @@ public class Crypt {
c |= block[6 * i + j];
}
c += '.';
- if (c > '9') c += 7;
- if (c > 'Z') c += 6;
+ if (c > '9')
+ c += 7;
+ if (c > 'Z')
+ c += 6;
iobuf[i + 2] = c;
}
@@ -320,11 +321,11 @@ public class Crypt {
if (iobuf[1] == 0)
iobuf[1] = iobuf[0];
- return new String(iobuf); //jdk1.1
+ return new String(iobuf); //jdk1.1
//return new String(iobuf,0); //jdk1.0.2
}
- void setkey(byte[] key) // Set up the key schedule from the key.
+ void setkey(byte[] key) // Set up the key schedule from the key.
{
int i, j, k;
byte t;
@@ -378,32 +379,32 @@ public class Crypt {
for (j = 32; j < 64; j++)
R[j - 32] = block[IP[j] - 1];
- // Perform an encryption operation 16 times.
+ // Perform an encryption operation 16 times.
for (ii = 0; ii < 16; ii++) {
i = ii;
// Save the R array, which will be the new L.
for (j = 0; j < 32; j++)
tempL[j] = R[j];
- // Expand R to 48 bits using the E selector;
- // exclusive-or with the current key bits.
+ // Expand R to 48 bits using the E selector;
+ // exclusive-or with the current key bits.
for (j = 0; j < 48; j++)
preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]);
- // The pre-select bits are now considered in 8 groups of
- // 6 bits each. The 8 selection functions map these 6-bit
- // quantities into 4-bit quantities and the results permuted
- // to make an f(R, K). The indexing into the selection functions
- // is peculiar; it could be simplified by rewriting the tables.
+ // The pre-select bits are now considered in 8 groups of
+ // 6 bits each. The 8 selection functions map these 6-bit
+ // quantities into 4-bit quantities and the results permuted
+ // to make an f(R, K). The indexing into the selection functions
+ // is peculiar; it could be simplified by rewriting the tables.
for (j = 0; j < 8; j++) {
t = 6 * j;
- k = S[j][ (preS[t ] << 5) +
+ k = S[j][(preS[t] << 5) +
(preS[t + 1] << 3) +
(preS[t + 2] << 2) +
(preS[t + 3] << 1) +
(preS[t + 4]) +
- (preS[t + 5] << 4) ];
+ (preS[t + 5] << 4)];
t = 4 * j;
- f[t ] = (byte) ((k >> 3) & 1);
+ f[t] = (byte) ((k >> 3) & 1);
f[t + 1] = (byte) ((k >> 2) & 1);
f[t + 2] = (byte) ((k >> 1) & 1);
f[t + 3] = (byte) ((k) & 1);
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
index 1f2eb69a..21280f0f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -28,24 +27,25 @@ import netscape.ldap.LDAPEntry;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.base.EBaseException;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -72,11 +72,12 @@ import com.netscape.certsrv.base.EBaseException;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -101,15 +102,15 @@ import com.netscape.certsrv.base.EBaseException;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ *
* @version $Revision$, $Date$
*/
public class DNPattern {
@@ -125,13 +126,14 @@ public class DNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattern the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
public DNPattern(String pattern)
- throws EAuthException {
+ throws EAuthException {
if (pattern == null || pattern.equals("")) {
// create an attribute list that is the dn.
mLdapAttrs = new String[] { "dn" };
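Review bot: The Javadoc tag `@exception EBaseException If parsing error occurs.` does not match the constructor's declared `throws EAuthException`. Naming the declared type, `@exception EAuthException if the pattern cannot be parsed`, keeps the generated documentation accurate for callers deciding what to catch. The `DNPattern(PushbackReader in)` constructor in the next hunk has no Javadoc and could carry the same tag. The constructor body continues outside this hunk.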
@@ -143,13 +145,13 @@ public class DNPattern {
}
}
- public DNPattern(PushbackReader in)
- throws EAuthException {
+ public DNPattern(PushbackReader in)
+ throws EAuthException {
parse(in);
}
private void parse(PushbackReader in)
- throws EAuthException {
+ throws EAuthException {
Vector rdnPatterns = new Vector();
RDNPattern rdnPattern = null;
int lastChar = -1;
@@ -162,8 +164,7 @@ public class DNPattern {
} catch (IOException e) {
throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString());
}
- }
- while (lastChar == ',');
+ } while (lastChar == ',');
mRDNPatterns = new RDNPattern[rdnPatterns.size()];
rdnPatterns.copyInto(mRDNPatterns);
@@ -173,8 +174,8 @@ public class DNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
ldapAttrs.addElement(rdnAttrs[j]);
}
mLdapAttrs = new String[ldapAttrs.size()];
@@ -183,11 +184,12 @@ public class DNPattern {
/**
* Form a Ldap v3 DN string from results of a ldap search.
+ *
* @param entry LDAPentry from a ldap search
- * @return Ldap v3 DN string to use for a subject name.
+ * @return Ldap v3 DN string to use for a subject name.
*/
public String formDN(LDAPEntry entry)
- throws EAuthException {
+ throws EAuthException {
StringBuffer formedDN = new StringBuffer();
for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -197,7 +199,7 @@ public class DNPattern {
if (rdn != null) {
if (rdn != null && rdn.length() != 0) {
- if (formedDN.length() != 0)
+ if (formedDN.length() != 0)
formedDN.append(",");
formedDN.append(rdn);
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
index c9b64fca..4b6e4aa3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -57,25 +56,25 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* Abstract class for directory based authentication managers
- * Uses a pattern for formulating subject names.
- * The pattern is read from configuration file.
+ * Uses a pattern for formulating subject names.
+ * The pattern is read from configuration file.
* Syntax of the pattern is described in the init() method.
*
* <P>
+ *
* @version $Revision$, $Date$
*/
-public abstract class DirBasedAuthentication
- implements IAuthManager, IExtendedPluginInfo {
+public abstract class DirBasedAuthentication
+ implements IAuthManager, IExtendedPluginInfo {
- protected static final String USER_DN = "userDN";
+ protected static final String USER_DN = "userDN";
/* configuration parameter keys */
- protected static final String PROP_LDAP = "ldap";
- protected static final String PROP_BASEDN = "basedn";
- protected static final String PROP_DNPATTERN = "dnpattern";
+ protected static final String PROP_LDAP = "ldap";
+ protected static final String PROP_BASEDN = "basedn";
+ protected static final String PROP_DNPATTERN = "dnpattern";
protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes";
protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes";
@@ -117,8 +116,8 @@ public abstract class DirBasedAuthentication
protected String[] mLdapAttrs = null;
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
+ protected static String DEFAULT_DNPATTERN =
+ "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
/* Vector of extendedPluginInfo strings */
protected static Vector<String> mExtendedPluginInfo = null;
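Review bot: `DEFAULT_DNPATTERN` is declared `protected static String` without `final`, so any subclass or same-package class can reassign the subject-name template that `init` falls back to when `dnpattern` is unset. Because that template decides which directory values end up in the certificate subject, the default should be fixed with `protected static final String DEFAULT_DNPATTERN =`. `mExtendedPluginInfo` on the following line is likewise a mutable `protected static Vector<String>`; whether anything outside the static initialiser writes to it is not visible here.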
@@ -126,31 +125,31 @@ public abstract class DirBasedAuthentication
static {
mExtendedPluginInfo = new Vector<String>();
mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" +
- " Subject Name. ($dn.xxx - get value from user's LDAP " +
- "DN. $attr.yyy - get value from LDAP attributes in " +
- "user's entry.) Default: " + DEFAULT_DNPATTERN);
+ " Subject Name. ($dn.xxx - get value from user's LDAP " +
+ "DN. $attr.yyy - get value from LDAP attributes in " +
+ "user's entry.) Default: " + DEFAULT_DNPATTERN);
mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" +
- "Comma-separated list of LDAP attributes to copy from " +
- "the user's LDAP entry into the AuthToken. e.g use " +
- "'mail' to copy user's email address for subjectAltName");
+ "Comma-separated list of LDAP attributes to copy from " +
+ "the user's LDAP entry into the AuthToken. e.g use " +
+ "'mail' to copy user's email address for subjectAltName");
mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" +
- "Comma-separated list of binary LDAP attributes to copy" +
- " from the user's LDAP entry into the AuthToken");
+ "Comma-separated list of binary LDAP attributes to copy" +
+ " from the user's LDAP entry into the AuthToken");
mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
- "LDAP host to connect to");
+ "LDAP host to connect to");
mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
- "LDAP port number (use 389, or 636 if SSL)");
+ "LDAP port number (use 389, or 636 if SSL)");
mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
- "Use SSL to connect to directory?");
+ "Use SSL to connect to directory?");
mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
- "LDAP protocol version");
+ "LDAP protocol version");
mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here");
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here");
mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
- "to keep open to directory server. Default 5.");
+ "to keep open to directory server. Default 5.");
mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " +
- "pool can grow to this many (multiplexed) connections. Default 1000.");
+ "pool can grow to this many (multiplexed) connections. Default 1000.");
}
/**
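Review bot: The help text for `ldap.ldapconn.secureConn` (`Use SSL to connect to directory?`) gives an administrator no hint of what depends on the answer. The `authenticate` Javadoc further down names CRED_UID and CRED_PWD as the credentials checked against the directory, so with the option off the password presumably crosses the network unencrypted; the bind itself is in subclasses not shown here. Wording such as `Use SSL to connect to directory? (recommended: user passwords are sent over this connection)` would steer the choice, and the port hint `use 389, or 636 if SSL` could then point to 636 as the expected value.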
@@ -163,24 +162,24 @@ public abstract class DirBasedAuthentication
* Initializes the UidPwdDirBasedAuthentication auth manager.
*
* Takes the following configuration parameters: <br>
+ *
* <pre>
- * ldap.basedn - the ldap base dn.
- * ldap.ldapconn.host - the ldap host.
- * ldap.ldapconn.port - the ldap port
- * ldap.ldapconn.secureConn - whether port should be secure
- * ldap.minConns - minimum connections
- * ldap.maxConns - max connections
- * dnpattern - dn pattern.
+ * ldap.basedn - the ldap base dn.
+ * ldap.ldapconn.host - the ldap host.
+ * ldap.ldapconn.port - the ldap port
+ * ldap.ldapconn.secureConn - whether port should be secure
+ * ldap.minConns - minimum connections
+ * ldap.maxConns - max connections
+ * dnpattern - dn pattern.
* </pre>
* <p>
- * <i><b>dnpattern</b></i> is a string representing a subject name pattern
- * to formulate from the directory attributes and entry dn. If empty or
- * not set, the ldap entry DN will be used as the certificate subject name.
+ * <i><b>dnpattern</b></i> is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
* <p>
- * The syntax is
+ * The syntax is
+ *
* <pre>
* dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
- *
+ *
* SubjectNameComponent = DnComp | EntryComp | ConstantComp
* DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
* EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
@@ -190,11 +189,12 @@ public abstract class DirBasedAuthentication
* CertAttr = a Component in the Certificate Subject Name
* (multiple AVA in one RDN not supported)
* Num = the nth value of tha attribute in the dn or entry.
- * Constant = Constant String, with any accepted ldap string value.
+ * Constant = Constant String, with any accepted ldap string value.
*
* </pre>
* <p>
* <b>Example:</b>
+ *
* <pre>
* dnpattern:
* E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
@@ -213,6 +213,7 @@ public abstract class DirBasedAuthentication
* </pre>
* <p>
* The subject name formulated in the cert will be : <br>
+ *
* <pre>
* E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
*
@@ -229,19 +230,20 @@ public abstract class DirBasedAuthentication
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
init(name, implName, config, true);
}
public void init(String name, String implName, IConfigStore config, boolean needBaseDN)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
/* initialize ldap server configuration */
mLdapConfig = mConfig.getSubStore(PROP_LDAP);
- if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN);
+ if (needBaseDN)
+ mBaseDN = mLdapConfig.getString(PROP_BASEDN);
if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals(""))))
throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
mConnFactory = CMS.getLdapAnonConnFactory();
@@ -250,7 +252,7 @@ public abstract class DirBasedAuthentication
/* initialize dn pattern */
String pattern = mConfig.getString(PROP_DNPATTERN, null);
- if (pattern == null || pattern.length() == 0)
+ if (pattern == null || pattern.length() == 0)
pattern = DEFAULT_DNPATTERN;
mPattern = new DNPattern(pattern);
String[] patternLdapAttrs = mPattern.getLdapAttrs();
@@ -261,15 +263,15 @@ public abstract class DirBasedAuthentication
if (ldapStringAttrs == null) {
mLdapStringAttrs = patternLdapAttrs;
} else {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
+ StringTokenizer pAttrs =
+ new StringTokenizer(ldapStringAttrs, ",", false);
int begin = 0;
if (patternLdapAttrs != null && patternLdapAttrs.length > 0) {
- mLdapStringAttrs = new String[
+ mLdapStringAttrs = new String[
patternLdapAttrs.length + pAttrs.countTokens()];
- System.arraycopy(patternLdapAttrs, 0,
- mLdapStringAttrs, 0, patternLdapAttrs.length);
+ System.arraycopy(patternLdapAttrs, 0,
+ mLdapStringAttrs, 0, patternLdapAttrs.length);
begin = patternLdapAttrs.length;
} else {
mLdapStringAttrs = new String[pAttrs.countTokens()];
@@ -285,11 +287,11 @@ public abstract class DirBasedAuthentication
if (ldapByteAttrs == null) {
mLdapByteAttrs = new String[0];
} else {
- StringTokenizer byteAttrs =
- new StringTokenizer(ldapByteAttrs, ",", false);
+ StringTokenizer byteAttrs =
+ new StringTokenizer(ldapByteAttrs, ",", false);
mLdapByteAttrs = new String[byteAttrs.countTokens()];
- for (int j = 0; j < mLdapByteAttrs.length; j++) {
+ for (int j = 0; j < mLdapByteAttrs.length; j++) {
mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim();
}
}
@@ -297,10 +299,10 @@ public abstract class DirBasedAuthentication
/* make the combined list */
mLdapAttrs =
new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
- System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
- 0, mLdapStringAttrs.length);
- System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
- mLdapStringAttrs.length, mLdapByteAttrs.length);
+ System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
+ 0, mLdapStringAttrs.length);
+ System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
+ mLdapStringAttrs.length, mLdapByteAttrs.length);
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE"));
}
@@ -320,21 +322,22 @@ public abstract class DirBasedAuthentication
}
/**
- * Authenticates user through LDAP by a set of credentials.
+ * Authenticates user through LDAP by a set of credentials.
* Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo
* <p>
+ *
* @param authCred Authentication credentials, CRED_UID and CRED_PWD.
* @return A AuthToken with a TOKEN_SUBJECT of X500name type.
* @exception com.netscape.certsrv.authentication.EMissingCredential
- * If a required authentication credential is missing.
+ * If a required authentication credential is missing.
* @exception com.netscape.certsrv.authentication.EInvalidCredentials
- * If credentials failed authentication.
- * @exception com.netscape.certsrv.base.EBaseException
- * If an internal error occurred.
+ * If credentials failed authentication.
+ * @exception com.netscape.certsrv.base.EBaseException
+ * If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
String userdn = null;
LDAPConnection conn = null;
AuthToken authToken = new AuthToken(this);
@@ -360,11 +363,11 @@ public abstract class DirBasedAuthentication
// set subject name.
try {
CertificateSubjectName subjectname = (CertificateSubjectName)
- certInfo.get(X509CertInfo.SUBJECT);
+ certInfo.get(X509CertInfo.SUBJECT);
if (subjectname != null)
- authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
- subjectname.toString());
+ authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
+ subjectname.toString());
} // error means it's not set.
catch (CertificateException e) {
} catch (IOException e) {
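Review bot: The `catch (CertificateException e) {` handler after the subject-name lookup is empty, and the `IOException` handler that follows appears to be as well. A failure to read `X509CertInfo.SUBJECT` therefore leaves `TOKEN_CERT_SUBJECT` unset without any trace. The `// error means it's not set.` comment explains the intent, but a low-severity call to the class's existing `log(...)` helper carrying the exception would make a token with a missing subject diagnosable from the logs. The validity and extensions lookups in the hunks at -373,15 and -391,7 follow the same pattern. The enclosing try block belongs to `authenticate`, which starts and ends outside this hunk.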
@@ -373,15 +376,15 @@ public abstract class DirBasedAuthentication
// set validity if any
try {
CertificateValidity validity = (CertificateValidity)
- certInfo.get(X509CertInfo.VALIDITY);
+ certInfo.get(X509CertInfo.VALIDITY);
if (validity != null) {
// the gets throws IOException but only if attribute
// not recognized. In these cases they are always.
- authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
- (Date)validity.get(CertificateValidity.NOT_BEFORE));
- authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
- (Date)validity.get(CertificateValidity.NOT_AFTER));
+ authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
+ (Date) validity.get(CertificateValidity.NOT_BEFORE));
+ authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
+ (Date) validity.get(CertificateValidity.NOT_AFTER));
}
} // error means it's not set.
catch (CertificateException e) {
@@ -391,7 +394,7 @@ public abstract class DirBasedAuthentication
// set extensions if any.
try {
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
if (extensions != null)
authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions);
@@ -401,7 +404,7 @@ public abstract class DirBasedAuthentication
}
} finally {
- if (conn != null)
+ if (conn != null)
mConnFactory.returnConn(conn);
}
@@ -410,15 +413,16 @@ public abstract class DirBasedAuthentication
/**
* get the list of required credentials.
+ *
* @return list of required credentials as strings.
*/
public abstract String[] getRequiredCreds();
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public abstract String[] getConfigParams();
@@ -440,6 +444,7 @@ public abstract class DirBasedAuthentication
/**
* Gets the configuration substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -452,11 +457,11 @@ public abstract class DirBasedAuthentication
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
protected abstract String authenticate(
- LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
- throws EBaseException;
+ LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
+ throws EBaseException;
/**
* Formulate the cert info.
@@ -465,13 +470,13 @@ public abstract class DirBasedAuthentication
* @param userdn The user's dn.
* @param certinfo A certinfo object to fill.
* @param token A authentication token to fill.
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected void formCertInfo(LDAPConnection conn,
- String userdn,
- X509CertInfo certinfo,
- AuthToken token)
- throws EBaseException {
+ protected void formCertInfo(LDAPConnection conn,
+ String userdn,
+ X509CertInfo certinfo,
+ AuthToken token)
+ throws EBaseException {
String dn = null;
// get ldap attributes to retrieve.
String[] attrs = getLdapAttrs();
@@ -480,9 +485,9 @@ public abstract class DirBasedAuthentication
try {
if (conn != null) {
LDAPEntry entry = null;
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- attrs, false);
+ LDAPSearchResults results =
+ conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+ attrs, false);
if (!results.hasMoreElements()) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
@@ -508,19 +513,19 @@ public abstract class DirBasedAuthentication
// pack the dn into X500name and set subject name.
if (dn.length() == 0) {
- EBaseException ex =
- new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
+ EBaseException ex =
+ new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString()));
throw ex;
}
X500Name subjectdn = new X500Name(dn);
- certinfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subjectdn));
+ certinfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subjectdn));
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.SERVER_DOWN:
+ case LDAPException.SERVER_DOWN:
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
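Review bot: In the `LDAPException.SERVER_DOWN` case the thrown `ELdapException` text is built from `conn.getHost()` and `conn.getPort()` through `CMS.getUserMessage(...)`. If that message is returned to the requesting user rather than only logged, it reveals the internal directory server's address; whether it reaches the client is not visible here. If it does, keep host and port in the `log(ILogger.LL_FAILURE, ...)` call and give the caller a generic unavailable message. The log key used for this case, `CMS_AUTH_NO_AUTH_ATTR_ERROR`, also reads as if it belongs to a different failure and is worth checking. The switch continues outside this hunk.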
@@ -534,7 +539,7 @@ public abstract class DirBasedAuthentication
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ e.errorCodeToString()));
}
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
@@ -553,19 +558,20 @@ public abstract class DirBasedAuthentication
protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) {
for (int i = 0; i < mLdapStringAttrs.length; i++)
setAuthTokenStringValue(mLdapStringAttrs[i], e, tok);
- for (int j = 0; j < mLdapByteAttrs.length; j++)
+ for (int j = 0; j < mLdapByteAttrs.length; j++)
setAuthTokenByteValue(mLdapByteAttrs[j], e, tok);
}
protected void setAuthTokenStringValue(
- String name, LDAPEntry entry, AuthToken tok) {
+ String name, LDAPEntry entry, AuthToken tok) {
LDAPAttribute values = entry.getAttribute(name);
- if (values == null) return;
+ if (values == null)
+ return;
Vector<String> v = new Vector<String>();
@SuppressWarnings("unchecked")
- Enumeration<String> e = values.getStringValues();
+ Enumeration<String> e = values.getStringValues();
while (e.hasMoreElements()) {
v.addElement(e.nextElement());
@@ -579,14 +585,15 @@ public abstract class DirBasedAuthentication
}
protected void setAuthTokenByteValue(
- String name, LDAPEntry entry, AuthToken tok) {
+ String name, LDAPEntry entry, AuthToken tok) {
LDAPAttribute values = entry.getAttribute(name);
- if (values == null) return;
+ if (values == null)
+ return;
Vector<byte[]> v = new Vector<byte[]>();
@SuppressWarnings("unchecked")
- Enumeration<byte[]> e = values.getByteValues();
+ Enumeration<byte[]> e = values.getByteValues();
while (e.hasMoreElements()) {
v.addElement(e.nextElement());
@@ -602,6 +609,7 @@ public abstract class DirBasedAuthentication
/**
* Return a list of LDAP attributes with String values to retrieve.
* Subclasses can override to return any set of attributes.
+ *
* @return Array of LDAP attributes to retrieve from the directory.
*/
protected String[] getLdapAttrs() {
@@ -611,6 +619,7 @@ public abstract class DirBasedAuthentication
/**
* Return a list of LDAP attributes with byte[] values to retrieve.
* Subclasses can override to return any set of attributes.
+ *
* @return Array of LDAP attributes to retrieve from the directory.
*/
protected String[] getLdapByteAttrs() {
@@ -618,22 +627,23 @@ public abstract class DirBasedAuthentication
}
/**
- * Formulate the subject name
+ * Formulate the subject name
+ *
* @param entry The LDAP entry
* @return The subject name string.
* @exception EBaseException If an internal error occurs.
*/
protected String formSubjectName(LDAPEntry entry)
- throws EAuthException {
- if (mPattern.mPatternString == null)
+ throws EAuthException {
+ if (mPattern.mPatternString == null)
return entry.getDN();
-
- /*
- if (mTestDNString != null) {
- mPattern.mTestDN = mTestDNString;
- //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
- }
- */
+
+ /*
+ if (mTestDNString != null) {
+ mPattern.mTestDN = mTestDNString;
+ //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
+ }
+ */
String dn = mPattern.formDN(entry);
@@ -643,6 +653,7 @@ public abstract class DirBasedAuthentication
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -651,15 +662,14 @@ public abstract class DirBasedAuthentication
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ level, msg);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
return s;
-
+
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
index ab59c499..d2142ea3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.io.BufferedReader;
import java.io.BufferedWriter;
@@ -49,15 +48,14 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This represents the authentication manager that authenticates
* user against a file where id, and password are stored.
*
* @version $Revision$, $Date$
*/
-public class FlatFileAuth
- implements IProfileAuthenticator, IExtendedPluginInfo {
+public class FlatFileAuth
+ implements IProfileAuthenticator, IExtendedPluginInfo {
/* configuration parameter keys */
protected static final String PROP_FILENAME = "fileName";
@@ -66,39 +64,39 @@ public class FlatFileAuth
protected static final String PROP_DEFERONFAILURE = "deferOnFailure";
protected String mFilename = "config/pwfile";
- protected long mFileLastRead = 0;
+ protected long mFileLastRead = 0;
protected String mKeyAttributes = "UID";
protected String mAuthAttrs = "PWD";
protected boolean mDeferOnFailure = true;
private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss";
private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN);
- protected static String[] mConfigParams =
- new String[] {
- PROP_FILENAME,
- PROP_KEYATTRIBUTES,
- PROP_AUTHATTRS,
- PROP_DEFERONFAILURE
+ protected static String[] mConfigParams =
+ new String[] {
+ PROP_FILENAME,
+ PROP_KEYATTRIBUTES,
+ PROP_AUTHATTRS,
+ PROP_DEFERONFAILURE
};
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
PROP_FILENAME + ";string;Pathname of password file",
PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" +
- " which together form a unique identifier for the user",
+ " which together form a unique identifier for the user",
PROP_AUTHATTRS + ";string;Comma-separated list of attributes" +
- " which are used for further authentication",
+ " which are used for further authentication",
PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " +
- "request to the queue for manual-authentication (true), or " +
- "simply rejected the request (false)"
+ "request to the queue for manual-authentication (true), or " +
+ "simply rejected the request (false)"
};
return s;
}
-
+
/** name of this authentication manager instance */
protected String mName = null;
-
+
protected String FFAUTH = "FlatFileAuth";
/** name of the authentication manager plugin */
@@ -109,17 +107,19 @@ public class FlatFileAuth
/** system logger */
protected ILogger mLogger = CMS.getLogger();
-
- /** This array is created as to include all the requested attributes
- *
+
+ /**
+ * This array is created as to include all the requested attributes
+ *
*/
String[] reqCreds = null;
String[] authAttrs = null;
String[] keyAttrs = null;
- /** Hashtable of entries from Auth File. Hash index is the
- * concatenation of the attributes from matchAttributes property
+ /**
+ * Hashtable of entries from Auth File. Hash index is the
+ * concatenation of the attributes from matchAttributes property
*/
protected Hashtable entries = null;
@@ -132,7 +132,7 @@ public class FlatFileAuth
* @param s The default value of the property
*/
protected String getPropertyS(String propertyName, String s)
- throws EBaseException {
+ throws EBaseException {
String p;
try {
@@ -157,7 +157,7 @@ public class FlatFileAuth
* @param b The default value of the property
*/
protected boolean getPropertyB(String propertyName, boolean b)
- throws EBaseException {
+ throws EBaseException {
boolean p;
try {
@@ -170,7 +170,7 @@ public class FlatFileAuth
}
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -219,6 +219,7 @@ public class FlatFileAuth
/**
* Log a message.
+ *
* @param level The logging level.
* @param msg The message to log.
*/
@@ -226,9 +227,9 @@ public class FlatFileAuth
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ level, msg);
}
-
+
void print(String s) {
CMS.debug("FlatFileAuth: " + s);
}
@@ -257,9 +258,9 @@ public class FlatFileAuth
s[i] = (String) e.nextElement();
}
return s;
-
+
}
-
+
/**
* Split a comma-delimited String into an array of individual
* Strings.
@@ -298,9 +299,9 @@ public class FlatFileAuth
return sb.toString();
}
- private synchronized void updateFile (String key) {
+ private synchronized void updateFile(String key) {
try {
- String name = writeFile (key);
+ String name = writeFile(key);
if (name != null) {
File orgFile = new File(mFilename);
long lastModified = orgFile.lastModified();
@@ -310,15 +311,15 @@ public class FlatFileAuth
} else {
mFileLastRead = newFile.lastModified();
}
- if (orgFile.renameTo(new File(name.substring(0, name.length()-1)))) {
+ if (orgFile.renameTo(new File(name.substring(0, name.length() - 1)))) {
if (!newFile.renameTo(new File(mFilename))) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename));
- File file = new File(name.substring(0, name.length()-1));
+ File file = new File(name.substring(0, name.length() - 1));
file.renameTo(new File(mFilename));
}
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename,
- name.substring(0, name.length()-1)));
+ name.substring(0, name.length() - 1)));
}
}
} catch (Exception e) {
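Review bot: The rollback path in updateFile ignores the result of `file.renameTo(new File(mFilename))`, so if that second rename also fails, nothing is left at mFilename and no message is logged. Check the return value and log it, for example `if (!file.renameTo(new File(mFilename))) log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", file.getPath(), mFilename));`. The success path also keeps the previous credential file on disk under a timestamped name, so those copies presumably need the same file permissions and clean-up as the live password file. The body of updateFile starts and ends outside this hunk.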
@@ -326,7 +327,7 @@ public class FlatFileAuth
}
}
- private String writeFile (String key) {
+ private String writeFile(String key) {
BufferedReader reader = null;
BufferedWriter writer = null;
String name = null;
@@ -334,9 +335,9 @@ public class FlatFileAuth
boolean done = false;
String line = null;
try {
- reader = new BufferedReader (new FileReader (mFilename));
- name = mFilename+"."+mDateFormat.format(new Date())+"~";
- writer = new BufferedWriter (new FileWriter(name));
+ reader = new BufferedReader(new FileReader(mFilename));
+ name = mFilename + "." + mDateFormat.format(new Date()) + "~";
+ writer = new BufferedWriter(new FileWriter(name));
if (reader != null && writer != null) {
while ((line = reader.readLine()) != null) {
if (commentOutNextLine) {
@@ -374,12 +375,15 @@ public class FlatFileAuth
long s2 = 0;
File f1 = new File(mFilename);
File f2 = new File(name);
- if (f1.exists()) s1 = f1.length();
- if (f2.exists()) s2 = f2.length();
+ if (f1.exists())
+ s1 = f1.length();
+ if (f2.exists())
+ s2 = f2.length();
if (s1 > 0 && s2 > 0 && s2 > s1) {
done = true;
} else {
- if (f2.exists()) f2.delete();
+ if (f2.exists())
+ f2.delete();
name = null;
}
}
@@ -390,27 +394,29 @@ public class FlatFileAuth
return name;
}
-
/**
- * Read a file with the following format: <p><pre>
+ * Read a file with the following format:
+ * <p>
+ *
+ * <pre>
* param1: valuea
* param2: valueb
* -blank-line-
* param1: valuec
* param2: valued
* </pre>
- *
+ *
* @param f The file to read
* @param keys The parameters to concat together to form the hash
- * key
+ * key
* @return a hashtable of hashtables.
*/
protected Hashtable readFile(File f, String[] keys)
- throws IOException {
+ throws IOException {
log(ILogger.LL_INFO, "Reading file: " + f.getName());
BufferedReader file = new BufferedReader(
new FileReader(f)
- );
+ );
String line;
Hashtable allusers = new Hashtable();
@@ -429,7 +435,7 @@ public class FlatFileAuth
entry = new Hashtable();
}
- if (colon == -1) { // no colon -> empty line signifies end of record
+ if (colon == -1) { // no colon -> empty line signifies end of record
if (!line.trim().equals("")) {
if (file != null) {
file.close();
@@ -458,8 +464,8 @@ public class FlatFileAuth
}
private void putEntry(Hashtable allUsers,
- Hashtable entry,
- String[] keys) {
+ Hashtable entry,
+ String[] keys) {
if (entry == null) {
return;
}
@@ -499,11 +505,11 @@ public class FlatFileAuth
/**
* Compare attributes provided by the user with those in
* in flat file.
- *
+ *
*/
private IAuthToken doAuthentication(Hashtable user, IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
for (int i = 0; i < authAttrs.length; i++) {
@@ -536,10 +542,10 @@ public class FlatFileAuth
/**
* Authenticate the request
- *
+ *
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
IAuthToken authToken = null;
String keyForUser = "";
@@ -603,14 +609,14 @@ public class FlatFileAuth
/**
* Return a list of HTTP parameters which will be taken from the
* request posting and placed into the AuthCredentials block
- *
+ *
* Note that this method will not be called until after the
* init() method is called
*/
public String[] getRequiredCreds() {
print("getRequiredCreds returning: " + joinStringArray(reqCreds, ","));
return reqCreds;
-
+
}
/**
@@ -640,7 +646,7 @@ public class FlatFileAuth
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -666,7 +672,7 @@ public class FlatFileAuth
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
index 19bfab69..a2d3bc72 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
@@ -17,17 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// java sdk imports.
import java.util.Hashtable;
import java.util.Vector;
-
/**
* The structure stores the information of which machine is enabled for
* the agent-initiated user enrollment, and whom agents enable this feature,
* and the value of the timeout.
* <P>
+ *
* @version $Revision$, $Date$
*/
public class HashAuthData extends Hashtable {
@@ -54,7 +53,7 @@ public class HashAuthData extends Hashtable {
Vector val = (Vector) get(hostname);
if (val == null) {
- val = new Vector();
+ val = new Vector();
put(hostname, val);
}
val.setElementAt(agentName, 0);
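Review bot: When `val` is null, the new Vector is empty, so the following `val.setElementAt(agentName, 0)` throws ArrayIndexOutOfBoundsException because index 0 is not below the size. Size the vector before storing into it, for example `val = new Vector(); val.setSize(4);`. The 4 is inferred from the `setElementAt(..., 3)` call in the last hunk of this file and should be confirmed against the other setters. The method starts outside this hunk, and its sibling setters may have the same pattern.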
@@ -117,4 +116,3 @@ public class HashAuthData extends Hashtable {
val.setElementAt(Long.valueOf(lastLogin), 3);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
index 24a10e0a..a0199a9b 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* Hash uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
@@ -71,18 +69,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
private static Vector mExtendedPluginInfo = null;
private HashAuthData mHosts = null;
-
+
static String[] mConfigParams =
- new String[] {};
+ new String[] {};
static {
mExtendedPluginInfo = new Vector();
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the username and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
+ ";Authenticate the username and password provided " +
+ "by the user against an LDAP directory. Works with the " +
+ "Dir Based Enrollment HTML form");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwddirauth");
+ ";configuration-authrules-uidpwddirauth");
};
/**
@@ -91,8 +89,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public HashAuthentication() {
}
- public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -124,7 +122,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
public void createEntry(String host, String dn, long timeout,
- String secret, long lastLogin) {
+ String secret, long lastLogin) {
Vector v = new Vector();
v.addElement(dn);
@@ -141,7 +139,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public String getAgentName(String hostname) {
return mHosts.getAgentName(hostname);
}
-
+
public void setAgentName(String hostname, String agentName) {
mHosts.setAgentName(hostname, agentName);
}
@@ -184,7 +182,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ level, msg);
}
public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
@@ -192,7 +190,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
if (val.equals(fingerprint))
return true;
- return false;
+ return false;
}
public Enumeration getHosts() {
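Review bot: validFingerprint compares the expected value with the client-supplied fingerprint using `val.equals(fingerprint)`, which returns at the first differing character and so is not a constant-time check for an authenticator. The file already imports MessageDigest, so the comparison can be `return fingerprint != null && MessageDigest.isEqual(val.getBytes(), fingerprint.getBytes());`. `val` is computed outside this hunk, presumably by hashFingerprint, so confirm it is never null.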
@@ -200,8 +198,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
public String hashFingerprint(String host, String pageID, String uid) {
- byte[] hash =
- mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
+ byte[] hash =
+ mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
String b64E = com.netscape.osutil.OSUtil.BtoA(hash);
return "{SHA}" + b64E;
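Review bot: The digest input `(SALT + pageID + getSecret(host) + uid).getBytes()` is encoded with the platform default charset and joins the fields with no separator, so the same fingerprint can result from different (pageID, secret, uid) splits and can differ between hosts with different default encodings. Pass an explicit charset to `getBytes` and put a delimiter that cannot occur in the fields between them. `mSHADigest` looks like a shared field; MessageDigest instances are not thread-safe, so if its declaration (outside this hunk) confirms that, either synchronize the `digest` call or create a digest per call. A keyed MAC from `javax.crypto.Mac` would be the more conventional construction than a salted hash over a secret.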
@@ -216,18 +214,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
public IAuthToken authenticate(IAuthCredentials authCreds)
- throws EBaseException {
+ throws EBaseException {
AuthToken token = new AuthToken(this);
String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
String pageID = (String) authCreds.get(CRED_PAGEID);
String uid = (String) authCreds.get(CRED_UID);
String host = (String) authCreds.get(CRED_HOST);
- if (fingerprint.equals("") ||
- !validFingerprint(host, pageID, uid, fingerprint)) {
+ if (fingerprint.equals("") ||
+ !validFingerprint(host, pageID, uid, fingerprint)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
throw new EAuthException("Invalid Fingerprint");
}
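Review bot: `fingerprint.equals("")` is reached with no null check, so a request that omits the fingerprint credential ends in a NullPointerException instead of the logged "Invalid Fingerprint" failure. This assumes `authCreds.get` returns null for a missing key. The guard could read `if (fingerprint == null || fingerprint.equals("") || !validFingerprint(host, pageID, uid, fingerprint)) {`. `host`, `pageID` and `uid` are passed on unchecked as well and would be concatenated as the text "null" in hashFingerprint, so rejecting missing values there is worth considering. The rest of authenticate is outside this hunk.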
@@ -240,6 +238,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -248,6 +247,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
/**
* Gets the configuration substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -276,14 +276,13 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
index 56c8739a..ac13a02f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.util.Enumeration;
import java.util.Locale;
@@ -49,26 +48,25 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
-
/**
* uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class PortalEnroll extends DirBasedAuthentication {
/* configuration parameter keys */
- protected static final String PROP_LDAPAUTH = "ldapauth";
- protected static final String PROP_AUTHTYPE = "authtype";
- protected static final String PROP_BINDDN = "bindDN";
- protected static final String PROP_BINDPW = "bindPW";
- protected static final String PROP_LDAPCONN = "ldapconn";
- protected static final String PROP_HOST = "host";
- protected static final String PROP_PORT = "port";
- protected static final String PROP_SECURECONN = "secureConn";
- protected static final String PROP_VERSION = "version";
- protected static final String PROP_OBJECTCLASS = "objectclass";
+ protected static final String PROP_LDAPAUTH = "ldapauth";
+ protected static final String PROP_AUTHTYPE = "authtype";
+ protected static final String PROP_BINDDN = "bindDN";
+ protected static final String PROP_BINDPW = "bindPW";
+ protected static final String PROP_LDAPCONN = "ldapconn";
+ protected static final String PROP_HOST = "host";
+ protected static final String PROP_PORT = "port";
+ protected static final String PROP_SECURECONN = "secureConn";
+ protected static final String PROP_VERSION = "version";
+ protected static final String PROP_OBJECTCLASS = "objectclass";
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
@@ -80,83 +78,84 @@ public class PortalEnroll extends DirBasedAuthentication {
private String mObjectClass = null;
private String mBindDN = null;
private String mBaseDN = null;
- private ILdapConnFactory mLdapFactory = null;
- private LDAPConnection mLdapConn = null;
+ private ILdapConnFactory mLdapFactory = null;
+ private LDAPConnection mLdapConn = null;
// contains all nested superiors' required attrs in the form of a
// vector of "required" attributes in Enumeration
Vector mRequiredAttrs = null;
-
+
// contains all nested superiors' optional attrs in the form of a
// vector of "optional" attributes in Enumeration
Vector mOptionalAttrs = null;
// contains all the objclasses, including superiors and itself
Vector mObjClasses = null;
-
+
/* Holds configuration parameters accepted by this implementation.
* This list is passed to the configuration console so configuration
* for instances of this implementation can be configured through the
* console.
*/
- protected static String[] mConfigParams =
- new String[] {
- PROP_DNPATTERN,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.ldapauth.bindDN",
- "ldap.ldapauth.bindPWPrompt",
- "ldap.ldapauth.clientCertNickname",
- "ldap.ldapauth.authtype",
- "ldap.basedn",
- "ldap.objectclass",
- "ldap.minConns",
- "ldap.maxConns",
+ protected static String[] mConfigParams =
+ new String[] {
+ PROP_DNPATTERN,
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.ldapauth.bindDN",
+ "ldap.ldapauth.bindPWPrompt",
+ "ldap.ldapauth.clientCertNickname",
+ "ldap.ldapauth.authtype",
+ "ldap.basedn",
+ "ldap.objectclass",
+ "ldap.minConns",
+ "ldap.maxConns",
};
-
+
/**
* Default constructor, initialization must follow.
*/
- public PortalEnroll()
- throws EBaseException {
+ public PortalEnroll()
+ throws EBaseException {
super();
}
/**
* Initializes the PortalEnrollment auth manager.
* <p>
+ *
* @param name - The name for this authentication manager instance.
* @param implName - The name of the authentication manager plugin.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
super.init(name, implName, config);
-
+
/* Get Bind DN for directory server */
mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH);
mBindDN = mConfig.getString(PROP_BINDDN);
- if ( (mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
+ if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
-
- /* Get Bind DN for directory server */
+
+ /* Get Bind DN for directory server */
mBaseDN = mLdapConfig.getString(PROP_BASEDN);
if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == ""))
throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-
- /* Get Object clase name for enrollment */
+
+ /* Get Object clase name for enrollment */
mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS);
- if (mObjectClass == null || mObjectClass.length() == 0)
+ if (mObjectClass == null || mObjectClass.length() == 0)
throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
- /* Get connect parameter */
+ /* Get connect parameter */
mLdapFactory = CMS.getLdapBoundConnFactory();
mLdapFactory.init(mLdapConfig);
mLdapConn = mLdapFactory.getConn();
-
+
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT"));
}
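Review bot: In init, `(mBindDN == "")` and `(mBaseDN == "")` compare references rather than contents, and they add nothing to the `length() == 0` test beside them. The conditions can be reduced to `if (mBindDN == null || mBindDN.length() == 0)` and the same for mBaseDN. The comment above the base DN lookup still says `/* Get Bind DN for directory server */`; I would change it to `/* Get base DN for the directory server */`.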
@@ -166,18 +165,18 @@ public class PortalEnroll extends DirBasedAuthentication {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds,
+ AuthToken token)
+ throws EBaseException {
String uid = null;
String pwd = null;
String dn = null;
argblk = authCreds.getArgBlock();
-
+
// authenticate by binding to ldap server with password.
try {
// get the uid.
@@ -185,7 +184,7 @@ public class PortalEnroll extends DirBasedAuthentication {
if (uid == null) {
throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
@@ -206,8 +205,8 @@ public class PortalEnroll extends DirBasedAuthentication {
throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists."));
} else {
dn = regist(token, uid);
- if (dn == null)
- throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE","Could not add user " + uid + "."));
+ if (dn == null)
+ throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + "."));
}
// bind as user dn and pwd - authenticates user with pwd.
@@ -217,22 +216,21 @@ public class PortalEnroll extends DirBasedAuthentication {
token.set(CRED_UID, uid);
log(ILogger.LL_INFO, "portal authentication is done");
-
+
return dn;
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort())));
- throw new
- EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
+ throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
@@ -240,24 +238,24 @@ public class PortalEnroll extends DirBasedAuthentication {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- default:
+ default:
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+ e.errorCodeToString()));
}
} catch (EBaseException e) {
if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString()));
throw e;
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -267,43 +265,44 @@ public class PortalEnroll extends DirBasedAuthentication {
public String[] getExtendedPluginInfo(Locale locale) {
String[] s = {
PROP_DNPATTERN + ";string;Template for cert" +
- " Subject Name. ($dn.xxx - get value from user's LDAP " +
- "DN. $attr.yyy - get value from LDAP attributes in " +
- "user's entry.) Default: " + DEFAULT_DNPATTERN,
+ " Subject Name. ($dn.xxx - get value from user's LDAP " +
+ "DN. $attr.yyy - get value from LDAP attributes in " +
+ "user's entry.) Default: " + DEFAULT_DNPATTERN,
"ldap.ldapconn.host;string,required;" + "LDAP host to connect to",
"ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)",
"ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. "
- + "Default is inetOrgPerson.",
+ + "Default is inetOrgPerson.",
"ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?",
"ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version",
"ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. "
- + "For example 'CN=Directory Manager'",
+ + "For example 'CN=Directory Manager'",
"ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
- "the above user",
+ "the above user",
"ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);"
- + "How to bind to the directory (for pin removal only)",
+ + "How to bind to the directory (for pin removal only)",
"ldap.ldapauth.clientCertNickname;string;If you want to use "
- + "SSL client auth to the directory, set the client "
- + "cert nickname here",
+ + "SSL client auth to the directory, set the client "
+ + "cert nickname here",
"ldap.basedn;string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here",
"ldap.minConns;number;number of connections " +
- "to keep open to directory server",
+ "to keep open to directory server",
"ldap.maxConns;number;when needed, connection " +
- "pool can grow to this many connections",
+ "pool can grow to this many connections",
IExtendedPluginInfo.HELP_TEXT +
- ";This authentication plugin checks to see if a user " +
- "exists in the directory. If not, then the user is created " +
- "with the requested password.",
+ ";This authentication plugin checks to see if a user " +
+ "exists in the directory. If not, then the user is created " +
+ "with the requested password.",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth"
};
-
+
return s;
}
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -312,6 +311,7 @@ public class PortalEnroll extends DirBasedAuthentication {
/**
* adds a user to the directory.
+ *
* @return dn upon success and null upon failure.
* @param token authentication token
* @param uid the user's id.
@@ -321,7 +321,7 @@ public class PortalEnroll extends DirBasedAuthentication {
/* Specify the attributes of the entry */
Vector objectclass_values = null;
-
+
LDAPAttributeSet attrs = new LDAPAttributeSet();
LDAPAttribute attr = new LDAPAttribute("objectclass");
@@ -369,7 +369,7 @@ public class PortalEnroll extends DirBasedAuthentication {
} catch (EBaseException e) {
if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
continue;
- }
+ }
CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
attrs.add(new LDAPAttribute(attrname, attrval));
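Review bot: The `catch (EBaseException e)` here handles only the attribute-not-found case and silently drops every other EBaseException, after which `attrs.add(new LDAPAttribute(attrname, attrval))` runs with whatever `attrval` held before the failed lookup (its declaration is outside the hunk). The hunk at -386,17 guards the same call with `if (attrval != null)`; this one should do the same, and the catch should log the unexpected exception rather than fall through. Matching `e.getMessage()` against `CMS.getUserMessage(...)` is also fragile, because it compares display text rather than an error type. The enclosing method starts and ends outside the hunk.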
@@ -386,17 +386,17 @@ public class PortalEnroll extends DirBasedAuthentication {
while (attrnames.hasMoreElements()) {
String attrname = (String) attrnames.nextElement();
String attrval = null;
-
+
CMS.debug("PortalEnroll: attrname is: " + attrname);
try {
attrval = (String) argblk.getValueAsString(attrname);
} catch (EBaseException e) {
if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
continue;
- }
+ }
CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
if (attrval != null) {
- attrs.add(new LDAPAttribute(attrname, attrval));
+ attrs.add(new LDAPAttribute(attrname, attrval));
}
}
}
@@ -417,7 +417,7 @@ public class PortalEnroll extends DirBasedAuthentication {
}
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE"));
-
+
return dn;
}
@@ -461,4 +461,3 @@ public class PortalEnroll extends DirBasedAuthentication {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
index 1f21bc1d..3542570a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -29,24 +28,25 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.base.EBaseException;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -73,11 +73,12 @@ import com.netscape.certsrv.base.EBaseException;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -102,15 +103,15 @@ import com.netscape.certsrv.base.EBaseException;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ *
* @version $Revision$, $Date$
*/
class RDNPattern {
@@ -126,13 +127,14 @@ class RDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattenr the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
public RDNPattern(String pattern)
- throws EAuthException {
+ throws EAuthException {
if (pattern == null || pattern.equals("")) {
// create an attribute list that is the dn.
mLdapAttrs = new String[] { "dn" };
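Review bot: The constructor Javadoc does not match the signature: `@param pattenr` misspells the parameter `pattern`, and `@exception EBaseException` names a type other than the declared `throws EAuthException`. I would change the two tags to `@param pattern the DN pattern` and `@exception EAuthException If parsing error occurs.` The constructor body continues outside the hunk.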
@@ -145,15 +147,15 @@ class RDNPattern {
}
/**
- * Construct a DN pattern from a input stream of pattern
+ * Construct a DN pattern from a input stream of pattern
*/
- public RDNPattern(PushbackReader in)
- throws EAuthException {
+ public RDNPattern(PushbackReader in)
+ throws EAuthException {
parse(in);
}
private void parse(PushbackReader in)
- throws EAuthException {
+ throws EAuthException {
//System.out.println("_________ begin rdn _________");
Vector avaPatterns = new Vector();
AVAPattern avaPattern = null;
@@ -167,17 +169,16 @@ class RDNPattern {
//" mAttr "+avaPattern.mAttr+
//" mValue "+avaPattern.mValue+
//" mElement "+avaPattern.mElement);
- try {
- lastChar = in.read();
+ try {
+ lastChar = in.read();
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == '+');
+ } while (lastChar == '+');
if (lastChar != -1) {
try {
- in.unread(lastChar); // pushback last ,
+ in.unread(lastChar); // pushback last ,
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
@@ -191,7 +192,7 @@ class RDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getLdapAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
ldapAttrs.addElement(avaAttr);
}
@@ -201,15 +202,16 @@ class RDNPattern {
/**
* Form a Ldap v3 DN string from results of a ldap search.
+ *
* @param entry LDAPentry from a ldap search
- * @return Ldap v3 DN string to use for a subject name.
+ * @return Ldap v3 DN string to use for a subject name.
*/
public String formRDN(LDAPEntry entry)
- throws EAuthException {
+ throws EAuthException {
StringBuffer formedRDN = new StringBuffer();
for (int i = 0; i < mAVAPatterns.length; i++) {
- if (mTestDN != null)
+ if (mTestDN != null)
mAVAPatterns[i].mTestDN = mTestDN;
String ava = mAVAPatterns[i].formAVA(entry);
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
index e73a112c..35c23bd0 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.usrgrp.Certificates;
-
/**
- * Certificate server SSL client authentication.
- *
+ * Certificate server SSL client authentication.
+ *
* @author Christina Fu
- * <P>
- *
+ * <P>
+ *
*/
-public class SSLclientCertAuthentication implements IAuthManager,
+public class SSLclientCertAuthentication implements IAuthManager,
IProfileAuthenticator {
/* result auth token attributes */
@@ -86,19 +84,19 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* initializes the SSLClientCertAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -112,7 +110,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return true;
}
@@ -120,29 +118,29 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* authenticates user by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users
+ * called by other subsystems or their servlets to authenticate users
+ *
* @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
+ *
* @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("SSLclientCertAuthentication: start");
- CMS.debug("authenticator instance name is "+getName());
+ CMS.debug("authenticator instance name is " + getName());
// force SSL handshake
SessionContext context = SessionContext.getExistingContext();
ISSLClientCertProvider provider = (ISSLClientCertProvider)
- context.get("sslClientCertProvider");
+ context.get("sslClientCertProvider");
if (provider == null) {
CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
@@ -173,7 +171,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
// find out which one is the leaf cert
clientCert = ci[i];
- byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+ byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
// try to see if this is a leaf cert
// look for BasicConstraint extension
if (extBytes == null) {
@@ -186,24 +184,24 @@ public class SSLclientCertAuthentication implements IAuthManager,
// so it's not likely to be a leaf cert,
// however, check the isCA field regardless
try {
- BasicConstraintsExtension bce =
- new BasicConstraintsExtension(true, extBytes);
- if (bce != null) {
- if (!(Boolean)bce.get("is_ca")) {
- CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
- break;
- } // else found a ca cert, continue
- }
- } catch (Exception e) {
- CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+
+ BasicConstraintsExtension bce =
+ new BasicConstraintsExtension(true, extBytes);
+ if (bce != null) {
+ if (!(Boolean) bce.get("is_ca")) {
+ CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
+ break;
+ } // else found a ca cert, continue
+ }
+ } catch (Exception e) {
+ CMS.debug("SSLclientCertAuthentication: authenticate: exception:" +
e.toString());
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
- }
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
+ }
}
if (clientCert == null) {
- CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
} catch (CertificateException e) {
CMS.debug(e.toString());
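Review bot: The debug message in the `if (!(Boolean) bce.get("is_ca"))` branch says "found CA cert in chain", but that branch runs when `is_ca` is false, which is the leaf-certificate case the loop is looking for; the trailing `// else found a ca cert, continue` comment confirms the intent. This loop picks the certificate whose subject DN is read later in the method, so a misleading trace makes the selection hard to audit; I would log `"SSLclientCertAuthentication: authenticate: found leaf cert in chain"` there. The `if (bce != null)` test directly after `new BasicConstraintsExtension(true, extBytes)` can never be false and could be dropped. The loop and the enclosing try start outside the hunk.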
@@ -213,15 +211,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
// check if certificate(s) is revoked
boolean checkRevocation = true;
try {
- checkRevocation = mConfig.getBoolean("checkRevocation", true);
+ checkRevocation = mConfig.getBoolean("checkRevocation", true);
} catch (EBaseException e) {
- // do nothing; default to true
+ // do nothing; default to true
}
if (checkRevocation) {
- if (CMS.isRevoked(ci)) {
- CMS.debug("SSLclientCertAuthentication: certificate revoked");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
+ if (CMS.isRevoked(ci)) {
+ CMS.debug("SSLclientCertAuthentication: certificate revoked");
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
}
Certificates certs = new Certificates(ci);
Principal p_dn = clientCert.getSubjectDN();
@@ -232,13 +230,13 @@ public class SSLclientCertAuthentication implements IAuthManager,
authToken.set(TOKEN_UID, uid);
authToken.set(TOKEN_USERID, uid);
}
-/*
- authToken.set(TOKEN_USER_DN, user.getUserDN());
- authToken.set(TOKEN_USERID, user.getUserID());
- authToken.set(TOKEN_UID, user.getUserID());
- authToken.set(TOKEN_GROUP, groupname);
-*/
- authToken.set(CRED_CERT, certs);
+ /*
+ authToken.set(TOKEN_USER_DN, user.getUserDN());
+ authToken.set(TOKEN_USERID, user.getUserID());
+ authToken.set(TOKEN_UID, user.getUserID());
+ authToken.set(TOKEN_GROUP, groupname);
+ */
+ authToken.set(CRED_CERT, certs);
CMS.debug("SSLclientCertAuthentication: authenticated ");
@@ -257,7 +255,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
String n = t.substring(0, i);
if (n.equalsIgnoreCase("uid")) {
String v = t.substring(i + 1);
- CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v);
+ CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v);
return v;
} else {
continue;
@@ -268,10 +266,11 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -280,14 +279,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. CertUserDBAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ *
* @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -301,7 +301,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* gets the configuretion substore used by this authentication
- * manager
+ * manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -311,7 +312,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -348,7 +349,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(TOKEN_USERDN));
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
index 8b0a7b9b..7a0784c5 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.authentication.ISharedToken;
public class SharedSecret implements ISharedToken {
public SharedSecret() {
- }
+ }
public String getSharedToken(PKIData cmcdata) {
return "testing";
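Review bot: `getSharedToken` returns the constant `"testing"` for every request, so a deployment that configures this class as its `ISharedToken` implementation would rely on a fixed, publicly known shared secret. It looks like a placeholder; if so, the class should say that explicitly, for example with `// Sample ISharedToken implementation: returns a fixed value and must not be used outside testing`. Whether this class can be selected in a production configuration is not visible here. The method closes outside the hunk.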
diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
index bb393767..5dcb80a6 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -46,13 +46,13 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
/**
- * Token authentication.
+ * Token authentication.
* Checked if the given token is valid.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class TokenAuthentication implements IAuthManager,
+public class TokenAuthentication implements IAuthManager,
IProfileAuthenticator {
/* result auth token attributes */
@@ -79,21 +79,21 @@ public class TokenAuthentication implements IAuthManager,
/**
* initializes the TokenAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -107,7 +107,7 @@ public class TokenAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return false;
}
@@ -115,21 +115,21 @@ public class TokenAuthentication implements IAuthManager,
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users (agents)
+ * called by other subsystems or their servlets to authenticate users (agents)
+ *
* @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- * @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * @exception EMissingCredential If a required credential for this
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("TokenAuthentication: start");
// force SSL handshake
@@ -141,8 +141,8 @@ public class TokenAuthentication implements IAuthManager,
// get group name from configuration file
IConfigStore sconfig = CMS.getConfigStore();
- String sessionId = (String)authCred.get(CRED_SESSION_ID);
- String givenHost = (String)authCred.get("clientHost");
+ String sessionId = (String) authCred.get(CRED_SESSION_ID);
+ String givenHost = (String) authCred.get("clientHost");
String auth_host = sconfig.getString("securitydomain.host");
int auth_port = sconfig.getInteger("securitydomain.httpseeport");
@@ -151,7 +151,7 @@ public class TokenAuthentication implements IAuthManager,
try {
JssSSLSocketFactory factory = new JssSSLSocketFactory();
httpclient = new HttpClient(factory);
- String content = CRED_SESSION_ID+"="+sessionId+"&hostname="+givenHost;
+ String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost;
CMS.debug("TokenAuthentication: content=" + content);
httpclient.connect(auth_host, auth_port);
HttpRequest httprequest = new HttpRequest();
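Review bot: `sessionId` and `givenHost` are read from `authCred` and concatenated into the form body without encoding, so a value containing `&` or `=` changes the parameters sent to the security domain. The following `CMS.debug("TokenAuthentication: content=" + content)` also writes the session id to the debug log. I would build the body as `CRED_SESSION_ID + "=" + URLEncoder.encode(sessionId, "UTF-8") + "&hostname=" + URLEncoder.encode(givenHost, "UTF-8")`, which needs a `java.net.URLEncoder` import, and log only `CMS.debug("TokenAuthentication: validating session with security domain");`. No null check on either value is visible in this hunk, so a missing credential would currently be sent as the literal text `null`. The try block continues outside the hunk.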
@@ -165,8 +165,8 @@ public class TokenAuthentication implements IAuthManager,
HttpResponse httpresponse = httpclient.send(httprequest);
c = httpresponse.getContent();
- } catch (Exception e) {
- CMS.debug("TokenAuthentication authenticate Exception="+e.toString());
+ } catch (Exception e) {
+ CMS.debug("TokenAuthentication authenticate Exception=" + e.toString());
}
if (c != null) {
@@ -177,9 +177,9 @@ public class TokenAuthentication implements IAuthManager,
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "TokenAuthentication::authenticate() - "
- + "Exception="+e.toString() );
- throw new EBaseException( e.toString() );
+ CMS.debug("TokenAuthentication::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new EBaseException(e.toString());
}
String status = parser.getValue("Status");
@@ -195,13 +195,13 @@ public class TokenAuthentication implements IAuthManager,
authToken.set(TOKEN_UID, uid);
authToken.set(TOKEN_GID, gid);
- if(context != null) {
+ if (context != null) {
CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid);
- context.put(SessionContext.USER_ID, uid );
- context.put(SessionContext.GROUP_ID, gid );
+ context.put(SessionContext.USER_ID, uid);
+ context.put(SessionContext.GROUP_ID, gid);
}
- CMS.debug("TokenAuthentication: authenticated uid="+uid+", gid="+gid);
+ CMS.debug("TokenAuthentication: authenticated uid=" + uid + ", gid=" + gid);
} catch (EBaseException e) {
throw e;
} catch (Exception e) {
@@ -213,10 +213,11 @@ public class TokenAuthentication implements IAuthManager,
/**
* get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -225,14 +226,15 @@ public class TokenAuthentication implements IAuthManager,
/**
* get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. CertUserDBAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ *
* @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -246,7 +248,8 @@ public class TokenAuthentication implements IAuthManager,
/**
* gets the configuretion substore used by this authentication
- * manager
+ * manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -256,7 +259,7 @@ public class TokenAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -296,6 +299,6 @@ public class TokenAuthentication implements IAuthManager,
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
index 565bca1a..c9fbbf9a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
@@ -33,11 +32,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.logging.ILogger;
-
/**
* udn/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class UdnPwdDirAuthentication extends DirBasedAuthentication {
@@ -52,25 +50,25 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
* for instances of this implementation can be configured through the
* console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.minConns",
- "ldap.maxConns",
+ protected static String[] mConfigParams =
+ new String[] { PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS,
+ PROP_LDAPBYTEATTRS,
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.minConns",
+ "ldap.maxConns",
};
static {
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the user distinguished name and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
+ ";Authenticate the user distinguished name and password provided " +
+ "by the user against an LDAP directory. Works with the " +
+ "Dir Based Enrollment HTML form");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authentication");
+ ";configuration-authentication");
};
/**
@@ -83,13 +81,14 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
/**
* Initializes the UdnPwdDirAuthentication auth manager.
* <p>
+ *
* @param name - The name for this authentication manager instance.
* @param implName - The name of the authentication manager plugin.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
super.init(name, implName, config, false);
}
@@ -99,12 +98,12 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the udn and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds,
+ AuthToken token)
+ throws EBaseException {
String userdn = null;
// authenticate by binding to ldap server with password.
@@ -114,7 +113,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
if (userdn == null) {
throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
}
-
+
// get the password.
String pwd = (String) authCreds.get(CRED_PWD);
@@ -123,8 +122,8 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
}
if (pwd.equals("")) {
// anonymous binding not allowed
- log(ILogger.LL_FAILURE,
- "user " + userdn + " attempted login with empty password.");
+ log(ILogger.LL_FAILURE,
+ "user " + userdn + " attempted login with empty password.");
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
@@ -135,21 +134,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
return userdn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- "Couldn't get ldap connection. Error: " + e.toString());
+ log(ILogger.LL_FAILURE,
+ "Couldn't get ldap connection. Error: " + e.toString());
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY,
- "user " + userdn + " does not exist in ldap server host " +
- conn.getHost() + ", port " + conn.getPort() + ".");
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ "user " + userdn + " does not exist in ldap server host " +
+ conn.getHost() + ", port " + conn.getPort() + ".");
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY,
- "authenticate user " + userdn + " with bad password.");
+ log(ILogger.LL_SECURITY,
+ "authenticate user " + userdn + " with bad password.");
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
@@ -157,21 +156,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- default:
- log(ILogger.LL_FAILURE,
- "Ldap error encountered. " + e.getMessage());
+ default:
+ log(ILogger.LL_FAILURE,
+ "Ldap error encountered. " + e.getMessage());
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+ e.errorCodeToString()));
}
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -180,6 +179,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -187,4 +187,3 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
index e97fee8b..dd750614 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.util.Enumeration;
import java.util.Locale;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class UidPwdDirAuthentication extends DirBasedAuthentication
- implements IProfileAuthenticator {
+public class UidPwdDirAuthentication extends DirBasedAuthentication
+ implements IProfileAuthenticator {
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
@@ -67,26 +65,26 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
* for instances of this implementation can be configured through the
* console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
+ protected static String[] mConfigParams =
+ new String[] { PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS,
+ PROP_LDAPBYTEATTRS,
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.basedn",
+ "ldap.minConns",
+ "ldap.maxConns",
};
static {
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the username and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
+ ";Authenticate the username and password provided " +
+ "by the user against an LDAP directory. Works with the " +
+ "Dir Based Enrollment HTML form");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwddirauth");
+ ";configuration-authrules-uidpwddirauth");
};
/**
@@ -102,12 +100,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds,
+ AuthToken token)
+ throws EBaseException {
String userdn = null;
String uid = null;
@@ -119,12 +117,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
if (uid == null) {
throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
String pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
@@ -133,7 +131,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
// get user dn.
- CMS.debug("Authenticating: Searching for UID=" + uid +
+ CMS.debug("Authenticating: Searching for UID=" + uid +
" base DN=" + mBaseDN);
LDAPSearchResults res = conn.search(mBaseDN,
LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
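Review bot: The search filter `"(uid=" + uid + ")"` is built from the submitted uid without escaping, so filter metacharacters in the value (`*`, `(`, `)`, `\`, NUL) change which entry the subtree search returns before the bind is attempted. Escape the value per RFC 4515 before concatenation, for example `"(uid=" + escapeFilterValue(uid) + ")"`, where `escapeFilterValue` is a placeholder name for a helper to be added that replaces each of those characters with its `\XX` hex form. The `CMS.debug` line above also writes the raw uid to the debug log and deserves the same care. The authenticate method continues outside this hunk.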
@@ -160,8 +158,8 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
@@ -174,20 +172,20 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- default:
+ default:
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+ e.errorCodeToString()));
}
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -196,6 +194,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -203,9 +202,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
// Profile-related methods
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -247,19 +246,19 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
* parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(CRED_UID)) {
+ if (name.equals(CRED_UID)) {
return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
} else if (name.equals(CRED_PWD)) {
return new Descriptor(IDescriptor.PASSWORD, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-
+
}
return null;
}
- public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ public void populate(IAuthToken token, IRequest request)
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(USER_DN));
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
index ce60bf8d..2908d532 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -53,15 +52,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* uid/pwd/pin directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class UidPwdPinDirAuthentication extends DirBasedAuthentication
- implements IExtendedPluginInfo, IProfileAuthenticator {
+ implements IExtendedPluginInfo, IProfileAuthenticator {
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
@@ -84,49 +82,49 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
* for instances of this implementation can be configured through the
* console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_REMOVE_PIN,
- PROP_PIN_ATTR,
- PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.ldapauth.bindDN",
- "ldap.ldapauth.bindPWPrompt",
- "ldap.ldapauth.clientCertNickname",
- "ldap.ldapauth.authtype",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
+ protected static String[] mConfigParams =
+ new String[] { PROP_REMOVE_PIN,
+ PROP_PIN_ATTR,
+ PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS,
+ PROP_LDAPBYTEATTRS,
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.ldapauth.bindDN",
+ "ldap.ldapauth.bindPWPrompt",
+ "ldap.ldapauth.clientCertNickname",
+ "ldap.ldapauth.authtype",
+ "ldap.basedn",
+ "ldap.minConns",
+ "ldap.maxConns",
};
static {
mExtendedPluginInfo.add(
- PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
+ PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
mExtendedPluginInfo.add(
- PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
+ PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
mExtendedPluginInfo.add(
- "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
- + "For example 'CN=PinRemoval User'");
+ "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
+ + "For example 'CN=PinRemoval User'");
mExtendedPluginInfo.add(
- "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
- "the above user");
+ "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
+ "the above user");
mExtendedPluginInfo.add(
- "ldap.ldapauth.clientCertNickname;string;If you want to use "
- + "SSL client auth to the directory, set the client "
- + "cert nickname here");
+ "ldap.ldapauth.clientCertNickname;string;If you want to use "
+ + "SSL client auth to the directory, set the client "
+ + "cert nickname here");
mExtendedPluginInfo.add(
- "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
- + "How to bind to the directory (for pin removal only)");
+ "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
+ + "How to bind to the directory (for pin removal only)");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
- + ";Authenticate the username, password and pin provided "
- + "by the user against an LDAP directory. Works with the "
- + "Dir/Pin Based Enrollment HTML form");
+ + ";Authenticate the username, password and pin provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir/Pin Based Enrollment HTML form");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwdpindirauth");
+ ";configuration-authrules-uidpwdpindirauth");
}
@@ -135,12 +133,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
protected MessageDigest mSHADigest = null;
protected MessageDigest mMD5Digest = null;
- private String mBindDN = null;
- private String mBindPassword = null;
+ private String mBindDN = null;
+ private String mBindPassword = null;
- private ILdapConnFactory removePinLdapFactory = null;
- private LDAPConnection removePinLdapConnection = null;
- private IConfigStore removePinLdapConfigStore = null;
+ private ILdapConnFactory removePinLdapFactory = null;
+ private LDAPConnection removePinLdapConnection = null;
+ private IConfigStore removePinLdapConfigStore = null;
/**
* Default constructor, initialization must follow.
@@ -149,12 +147,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
super();
}
- public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException {
super.init(name, implName, config);
- mRemovePin =
+ mRemovePin =
config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
- mPinAttr =
+ mPinAttr =
config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
if (mPinAttr.equals("")) {
mPinAttr = DEF_PIN_ATTR;
@@ -166,7 +164,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
removePinLdapFactory.init(removePinLdapConfigStore);
removePinLdapConnection = removePinLdapFactory.getConn();
}
-
+
try {
mSHADigest = MessageDigest.getInstance("SHA1");
mMD5Digest = MessageDigest.getInstance("MD5");
@@ -177,7 +175,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
}
protected void verifyPassword(String Password) {
- }
+ }
/**
* Authenticates a user based on its uid, pwd, pin in the directory.
@@ -185,16 +183,16 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
* @param authCreds The authentication credentials with uid, pwd, pin.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds,
+ AuthToken token)
+ throws EBaseException {
String userdn = null;
- String uid = null;
- String pwd = null;
- String pin = null;
+ String uid = null;
+ String pwd = null;
+ String pin = null;
try {
// get the uid.
@@ -202,7 +200,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
if (uid == null) {
throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
@@ -256,8 +254,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
@@ -270,24 +268,24 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- default:
+ default:
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+ e.errorCodeToString()));
}
- }
+ }
}
- protected void checkpin(LDAPConnection conn, String userdn,
- String uid, String pin)
- throws EBaseException, LDAPException {
+ protected void checkpin(LDAPConnection conn, String userdn,
+ String uid, String pin)
+ throws EBaseException, LDAPException {
LDAPSearchResults res = null;
LDAPEntry entry = null;
// get pin.
- res = conn.search(userdn, LDAPv2.SCOPE_BASE,
+ res = conn.search(userdn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mPinAttr }, false);
if (res.hasMoreElements()) {
entry = (LDAPEntry) res.nextElement();
@@ -309,7 +307,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
- byte[] entrypin = (byte[]) pinValues.nextElement();
+ byte[] entrypin = (byte[]) pinValues.nextElement();
// compare value digest.
@@ -317,14 +315,14 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
byte hashtype = entrypin[0];
byte[] pinDigest = null;
String toBeDigested = userdn + pin;
if (hashtype == SENTINEL_SHA) {
-
+
pinDigest = mSHADigest.digest(toBeDigested.getBytes());
} else if (hashtype == SENTINEL_MD5) {
pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
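Review bot: `toBeDigested.getBytes()` uses the platform default charset, so the digest of `userdn + pin` depends on JVM locale settings and may not match the stored value for non-ASCII DNs or pins; name the charset explicitly, e.g. `toBeDigested.getBytes("UTF-8")` with the checked exception handled, using whichever encoding the tool that stored the pin used. `mSHADigest` and `mMD5Digest` are instance fields created once in `init`, and `MessageDigest` objects are not safe for concurrent use, so unless callers serialize checkpin (not visible here) simultaneous logins can corrupt each other's digest; a per-call `MessageDigest.getInstance(...)` avoids that. The stored format is an unsalted SHA-1 or MD5 of DN plus pin, which is worth documenting as a legacy limitation.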
@@ -343,7 +341,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
int i;
for (i = 0; i < (entrypin.length - 1); i++) {
- if (pinDigest[i] != entrypin[i + 1])
+ if (pinDigest[i] != entrypin[i + 1])
break;
}
if (i != (entrypin.length - 1)) {
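Review bot: The comparison loop `if (pinDigest[i] != entrypin[i + 1]) break;` exits at the first differing byte and is bounded by the stored value's length rather than the digest's, so it is not constant-time and, unless a length check exists in the lines between the hunks, a stored value shorter than the digest is matched on a prefix only while a longer one indexes past `pinDigest`. Replacing the loop with a length-checking comparison covers both: `if (!MessageDigest.isEqual(pinDigest, Arrays.copyOfRange(entrypin, 1, entrypin.length))) {`. This needs `java.util.Arrays` imported; `MessageDigest` already is. checkpin starts and ends outside this hunk.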
@@ -354,17 +352,17 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
// pin ok. remove pin if so configured
// Note that this means that a policy may reject this request later,
// but the user will not be able to enroll again as his pin is gone.
-
+
// We remove the pin using a different connection which is bound as
// a more privileged user.
if (mRemovePin) {
try {
- removePinLdapConnection.modify(userdn,
- new LDAPModification(
- LDAPModification.DELETE,
- new LDAPAttribute(mPinAttr, entrypin)));
+ removePinLdapConnection.modify(userdn,
+ new LDAPModification(
+ LDAPModification.DELETE,
+ new LDAPAttribute(mPinAttr, entrypin)));
} catch (LDAPException e) {
log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
@@ -374,10 +372,10 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -386,6 +384,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -395,7 +394,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -453,7 +452,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(USER_DN));
}
@@ -462,4 +461,3 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index 0bb36f28..a4eac090 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -37,27 +36,25 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
- * An abstract class represents an authorization manager that governs the
- * access of internal resources such as servlets.
- * It parses in the ACLs associated with each protected
- * resources, and provides protected method <CODE>checkPermission</CODE>
- * for code that needs to verify access before performing
+ * An abstract class represents an authorization manager that governs the
+ * access of internal resources such as servlets.
+ * It parses in the ACLs associated with each protected
+ * resources, and provides protected method <CODE>checkPermission</CODE> for code that needs to verify access before performing
* actions.
* <P>
* Here is a sample resourceACLS for a resource
+ *
* <PRE>
* certServer.UsrGrpAdminServlet:
* execute:
* deny (execute) user="tempAdmin";
* allow (execute) group="Administrators";
* </PRE>
- * To perform permission checking, code call authz mgr authorize()
- * method to verify access. See AuthzMgr for calling example.
+ *
+ * To perform permission checking, code call authz mgr authorize() method to verify access. See AuthzMgr for calling example.
* <P>
- * default "evaluators" are used to evaluate the "group=.." or "user=.."
- * rules. See evaluator for more info
+ * default "evaluators" are used to evaluate the "group=.." or "user=.." rules. See evaluator for more info
*
* @version $Revision$, $Date$
* @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A>
@@ -92,10 +89,10 @@ public abstract class AAclAuthz {
}
/**
- * Initializes
+ * Initializes
*/
- protected void init(IConfigStore config)
- throws EBaseException {
+ protected void init(IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
CMS.debug("AAclAuthz: init begins");
@@ -129,10 +126,9 @@ public abstract class AAclAuthz {
(IAccessEvaluator) Class.forName(evalClassPath).newInstance();
} catch (Exception e) {
String errMsg = "init(): failed to load class: " +
- evalClassPath + ":" + e.toString();
+ evalClassPath + ":" + e.toString();
- throw new
- EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
+ throw new EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
evalClassPath));
}
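Review bot: `errMsg` is built from the class name and the caught exception but is neither logged nor attached to the thrown `EACLsException` in the visible lines, so the reason an access evaluator failed to load is lost. Because evaluators are looked up later when ACL expressions are evaluated, this failure should be auditable; log it before throwing with `log(ILogger.LL_FAILURE, errMsg);`. The init method begins and ends outside this hunk.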
@@ -152,15 +148,15 @@ public abstract class AAclAuthz {
/**
* Parse ACL resource attributes, then update the ACLs memory store
- * This is intended to be used if storing ACLs on ldap is not desired,
+ * This is intended to be used if storing ACLs on ldap is not desired,
* and the caller is expected to call this method to add resource
- * and acl info into acls memory store. The resACLs format should conform
+ * and acl info into acls memory store. The resACLs format should conform
* to the following:
- * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+ * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
* <P>
- * Example:
- * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- * @param resACLs same format as the resourceACLs attribute
+ * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+ *
+ * @param resACLs same format as the resourceACLs attribute
* @throws EBaseException parsing error from <code>parseACL</code>
*/
public void addACLs(String resACLs) throws EBaseException {
@@ -180,7 +176,7 @@ public abstract class AAclAuthz {
public IACL getACL(String target) {
return (ACL) mACLs.get(target);
}
-
+
protected Enumeration<String> getTargetNames() {
return mACLs.keys();
}
@@ -207,7 +203,7 @@ public abstract class AAclAuthz {
* Returns a list of configuration parameter names.
* The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -233,45 +229,31 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * Checks if the permission is granted or denied in
+ * Checks if the permission is granted or denied in
* the current execution context. If the code is
* marked as privileged, this methods will simply
* return.
* <P>
- * note that if a resource does not exist in the aclResources
- * entry, but a higher level node exist, it will still be
- * evaluated. The highest level node's acl determines the
- * permission. If the higher level node doesn't contain any acl
- * information, then it's passed down to the lower node. If
- * a node has no aci in its resourceACLs, then it's considered
- * passed.
+ * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
* <p>
- * example: certServer.common.users, if failed permission check for
- * "certServer", then it's considered failed, and there is no need to
- * continue the check. If passed permission check for "certServer",
- * then it's considered passed, and no need to continue the
- * check. If certServer contains no aci then "certServer.common" will be
- * checked for permission instead. If down to the leaf level,
- * the node still contains no aci, then it's considered passed.
- * If at the leaf level, no such resource exist, or no acis, it's
- * considered passed.
+ * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
+ * no acis, it's considered passed.
* <p>
- * If there are multiple aci's for a resource, ALL aci's will be
- * checked, and only if all passed permission checks, will the
- * eventual access be granted.
+ * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+ *
* @param name resource name
* @param perm permission requested
* @exception EACLsException access permission denied
*/
- protected synchronized void checkPermission(String name, String perm)
- throws EACLsException {
+ protected synchronized void checkPermission(String name, String perm)
+ throws EACLsException {
String resource = "";
StringTokenizer st = new StringTokenizer(name, ".");
while (st.hasMoreTokens()) {
String node = st.nextToken();
- if (! "".equals(resource)) {
+ if (!"".equals(resource)) {
resource = resource + "." + node;
} else {
resource = node;
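Review bot: The Javadoc says a resource with no ACL entry, or no acis, down to the leaf level is "considered passed", i.e. checkPermission grants by default, but after the reflow that rule sits at the end of one very long line where it is easy to miss. Consider stating it as its own sentence, e.g. `* Note: access is granted when neither the resource nor any parent node has an ACL; every protected resource needs an explicit entry.` The method body continues outside this hunk, so whether the code matches the documented behavior cannot be confirmed from here.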
@@ -288,18 +270,17 @@ public abstract class AAclAuthz {
params[1] = perm;
String errMsg = "checkPermission(): permission denied for the resource " +
- name + " on operation " + perm;
+ name + " on operation " + perm;
log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
- throw new
- EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
+ throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
(String[]) params));
}
if (passed) {
String infoMsg = "checkPermission(): permission granted for the resource " +
- name + " on operation " + perm;
+ name + " on operation " + perm;
log(ILogger.LL_INFO, infoMsg);
@@ -309,38 +290,31 @@ public abstract class AAclAuthz {
}
/**
- * Checks if the permission is granted or denied in
+ * Checks if the permission is granted or denied in
* the current execution context.
* <P>
- * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
- * However, in case of multiple <code>ACLEntry</code>, a subject must
- * pass ALL of the <code>ACLEntry</code> evaluation for permission
- * to be granted
+ * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
* <P>
- * negative ("deny") aclEntries are treated differently than
- * positive ("allow") statements. If a negative aclEntries
- * fails the acl check, the permission check will return "false"
- * right away; while in the case of a positive aclEntry, if the
- * the aclEntry fails the acl check, the next aclEntry will be
- * evaluated.
+ * negative ("deny") aclEntries are treated differently than positive ("allow") statements. If a negative aclEntries fails the acl check, the permission check will return "false" right away; while in the case of a positive aclEntry, if the the aclEntry fails the acl check, the next aclEntry will be evaluated.
+ *
* @param name resource name
* @param perm permission requested
* @return true if access allowed
* false if should be passed down to the next node
* @exception EACLsException if access disallowed
*/
- private boolean checkACLs(String name, String perm)
- throws EACLsException {
+ private boolean checkACLs(String name, String perm)
+ throws EACLsException {
ACL acl = (ACL) mACLs.get(name);
// no such resource, pass it down
if (acl == null) {
String infoMsg = "checkACLs(): no acl for" +
- name + "...pass down to next node";
+ name + "...pass down to next node";
log(ILogger.LL_INFO, infoMsg);
- return false;
+ return false;
}
Enumeration<ACLEntry> e = acl.entries();
@@ -348,7 +322,7 @@ public abstract class AAclAuthz {
if ((e == null) || (e.hasMoreElements() == false)) {
// no acis for node, pass down to next node
String infoMsg = " AAclAuthz.checkACLs(): no acis for " +
- name + " acl entry...pass down to next node";
+ name + " acl entry...pass down to next node";
log(ILogger.LL_INFO, infoMsg);
@@ -383,7 +357,7 @@ public abstract class AAclAuthz {
* Resolves the given expressions.
* expression || expression || ...
* example:
- * group="Administrators" || group="Operators"
+ * group="Administrators" || group="Operators"
*/
private boolean evaluateExpressions(String s) {
// XXX - just handle "||" (or) among multiple expressions for now
@@ -449,8 +423,8 @@ public abstract class AAclAuthz {
private boolean evaluateExpression(String expression) {
// XXX - just recognize "=" for now!!
int i = expression.indexOf("=");
- String type = expression.substring(0, i);
- String value = expression.substring(i + 1);
+ String type = expression.substring(0, i);
+ String value = expression.substring(i + 1);
IAccessEvaluator evaluator = (IAccessEvaluator) mEvaluators.get(type);
if (evaluator == null) {
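Review bot: `expression.indexOf("=")` returns -1 when an ACL expression contains no `=`, and `expression.substring(0, i)` then throws `StringIndexOutOfBoundsException` out of the authorization path instead of producing a logged, deliberate decision. Add a guard before the substring calls, e.g. `if (i < 0) { log(ILogger.LL_FAILURE, "malformed ACL expression: " + expression); return false; }`. Whether `false` is the fail-closed result for deny entries depends on code outside this hunk and should be confirmed. The rest of evaluateExpression lies outside this hunk.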
@@ -468,76 +442,62 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * Checks if the permission is granted or denied with id from authtoken
+ * Checks if the permission is granted or denied with id from authtoken
* gotten from authentication that precedes authorization. If the code is
* marked as privileged, this methods will simply
* return.
* <P>
- * note that if a resource does not exist in the aclResources
- * entry, but a higher level node exist, it will still be
- * evaluated. The highest level node's acl determines the
- * permission. If the higher level node doesn't contain any acl
- * information, then it's passed down to the lower node. If
- * a node has no aci in its resourceACLs, then it's considered
- * passed.
+ * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
* <p>
- * example: certServer.common.users, if failed permission check for
- * "certServer", then it's considered failed, and there is no need to
- * continue the check. If passed permission check for "certServer",
- * then it's considered passed, and no need to continue the
- * check. If certServer contains no aci then "certServer.common" will be
- * checked for permission instead. If down to the leaf level,
- * the node still contains no aci, then it's considered passed.
- * If at the leaf level, no such resource exist, or no acis, it's
- * considered passed.
+ * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
+ * no acis, it's considered passed.
* <p>
- * If there are multiple aci's for a resource, ALL aci's will be
- * checked, and only if all passed permission checks, will the
- * eventual access be granted.
+ * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+ *
* @param authToken authentication token gotten from authentication
* @param name resource name
* @param perm permission requested
* @exception EACLsException access permission denied
*/
- public synchronized void checkPermission(IAuthToken authToken, String name,
- String perm)
- throws EACLsException {
-
+ public synchronized void checkPermission(IAuthToken authToken, String name,
+ String perm)
+ throws EACLsException {
+
Vector<String> nodev = getNodes(name);
Enumeration<String> nodes = nodev.elements();
String order = getOrder();
Enumeration<ACLEntry> entries = null;
- if (order.equals("deny"))
+ if (order.equals("deny"))
entries = getDenyEntries(nodes, perm);
- else
+ else
entries = getAllowEntries(nodes, perm);
-
+
boolean permitted = false;
while (entries.hasMoreElements()) {
ACLEntry entry = (ACLEntry) entries.nextElement();
CMS.debug("checkACLS(): ACLEntry expressions= " +
- entry.getAttributeExpressions());
+ entry.getAttributeExpressions());
if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
- log(ILogger.LL_SECURITY,
- " checkACLs(): permission denied");
+ log(ILogger.LL_SECURITY,
+ " checkACLs(): permission denied");
throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
}
}
nodes = nodev.elements();
- if (order.equals("deny"))
+ if (order.equals("deny"))
entries = getAllowEntries(nodes, perm);
- else
+ else
entries = getDenyEntries(nodes, perm);
- while (entries.hasMoreElements()) {
+ while (entries.hasMoreElements()) {
ACLEntry entry = (ACLEntry) entries.nextElement();
CMS.debug("checkACLS(): ACLEntry expressions= " +
- entry.getAttributeExpressions());
+ entry.getAttributeExpressions());
if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
permitted = true;
}
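Review bot: The first loop in checkPermission throws CMS_ACL_PERMISSION_DENIED on any matching entry and the second sets `permitted = true` on any matching entry, whichever list was selected, so when `getOrder()` returns anything other than "deny" a matching allow entry denies access and a matching deny entry grants it. If that is not the intent, the order should only decide which list is consulted first: `getDenyEntries(nodes, perm)` should always feed the loop that throws and `getAllowEntries(nodes, perm)` the loop that sets `permitted`. The Javadoc above also states that access is granted only if all aci's pass, while the second loop grants on a single match, so either the comment or the loop needs correcting. The method continues past the end of this hunk, and the values getOrder() can return are not visible here.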
@@ -546,7 +506,7 @@ public abstract class AAclAuthz {
nodev = null;
if (permitted) {
String infoMsg = "checkPermission(): permission granted for the resource " +
- name + " on operation " + perm;
+ name + " on operation " + perm;
log(ILogger.LL_INFO, infoMsg);
return;
@@ -557,10 +517,10 @@ public abstract class AAclAuthz {
params[1] = perm;
String errMsg = "checkPermission(): permission denied for the resource " +
- name + " on operation " + perm;
+ name + " on operation " + perm;
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
(String[]) params));
@@ -582,13 +542,13 @@ public abstract class AAclAuthz {
while (e.hasMoreElements()) {
ACLEntry entry = (ACLEntry) e.nextElement();
- if (!entry.isNegative() &&
- entry.containPermission(operation)) {
+ if (!entry.isNegative() &&
+ entry.containPermission(operation)) {
v.addElement(entry);
}
}
}
-
+
return v.elements();
}
@@ -607,13 +567,13 @@ public abstract class AAclAuthz {
while (e.hasMoreElements()) {
ACLEntry entry = e.nextElement();
- if (entry.isNegative() &&
- entry.containPermission(operation)) {
+ if (entry.isNegative() &&
+ entry.containPermission(operation)) {
v.addElement(entry);
}
}
}
-
+
return v.elements();
}
@@ -621,7 +581,7 @@ public abstract class AAclAuthz {
* Resolves the given expressions.
* expression || expression || ...
* example:
- * group="Administrators" || group="Operators"
+ * group="Administrators" || group="Operators"
*/
private boolean evaluateExpressions(IAuthToken authToken, String s) {
// XXX - just handle "||" (or) among multiple expressions for now
@@ -703,7 +663,7 @@ public abstract class AAclAuthz {
while (index != -1) {
name = name.substring(0, index);
v.addElement(name);
- index = name.lastIndexOf(".");
+ index = name.lastIndexOf(".");
}
return v;
@@ -745,7 +705,7 @@ public abstract class AAclAuthz {
i = exp.indexOf(">");
if (i == -1) {
i = exp.indexOf("<");
- if (i == -1) {
+ if (i == -1) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp));
} else {
return "<";
@@ -780,19 +740,19 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * This one only updates the memory. Classes extend this class should
+ * This one only updates the memory. Classes extend this class should
* also update to a permanent storage
*/
- public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs,
+ String desc) throws EACLsException {
ACL acl = (ACL) getACL(id);
-
+
String resourceACLs = id;
if (rights != null)
resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc;
- // memory update
+ // memory update
ACL ac = null;
try {
@@ -806,6 +766,7 @@ public abstract class AAclAuthz {
/**
* gets an enumeration of resources
+ *
* @return an enumeration of resources contained in the ACL table
*/
public Enumeration<ACL> aclResElements() {
@@ -814,6 +775,7 @@ public abstract class AAclAuthz {
/**
* gets an enumeration of access evaluators
+ *
* @return an enumeraton of access evaluators
*/
public Enumeration<IAccessEvaluator> aclEvaluatorElements() {
@@ -822,6 +784,7 @@ public abstract class AAclAuthz {
/**
* gets the access evaluators
+ *
* @return handle to the access evaluators table
*/
public Hashtable<String, IAccessEvaluator> getAccessEvaluators() {
@@ -830,6 +793,7 @@ public abstract class AAclAuthz {
/**
* is this resource name unique
+ *
* @return true if unique; false otherwise
*/
public boolean isTypeUnique(String type) {
@@ -844,7 +808,7 @@ public abstract class AAclAuthz {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ level, msg);
}
/*********************************
@@ -852,7 +816,7 @@ public abstract class AAclAuthz {
**********************************/
/**
- * update acls. called after memory upate is done to flush to permanent
+ * update acls. called after memory upate is done to flush to permanent
* storage.
* <p>
*/
@@ -860,9 +824,9 @@ public abstract class AAclAuthz {
/**
* an abstract class that enforces implementation of the
- * authorize() method that will authorize an operation on a
- * particular resource
- *
+ * authorize() method that will authorize an operation on a
+ * particular resource
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index 29cb671e..c3e65ca8 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
// cert server imports.
import com.netscape.certsrv.acls.EACLsException;
import com.netscape.certsrv.apps.CMS;
@@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class for basic acls authorization manager
- *
+ *
* @version $Revision$, $Date$
*/
public class BasicAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+ implements IAuthzManager, IExtendedPluginInfo {
// members
@@ -73,7 +71,7 @@ public class BasicAclAuthz extends AAclAuthz
* console.
*/
mConfigParams =
- new String[] {
+ new String[] {
"dummy"
};
}
@@ -82,7 +80,7 @@ public class BasicAclAuthz extends AAclAuthz
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -113,15 +111,16 @@ public class BasicAclAuthz extends AAclAuthz
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -130,7 +129,7 @@ public class BasicAclAuthz extends AAclAuthz
* @return authzToken if success
*/
public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -142,11 +141,11 @@ public class BasicAclAuthz extends AAclAuthz
authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
- AuthzToken.AUTHZ_STATUS_SUCCESS);
+ AuthzToken.AUTHZ_STATUS_SUCCESS);
} catch (EACLsException e) {
// audit here later
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ String params[] = { resource, operation };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
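Review bot: The `catch (EACLsException e)` branch of authorize logs a denial at LL_FAILURE with a message that carries neither the resource nor the operation, and the `// audit here later` comment marks the audit gap; the same lines appear in the DirAclAuthz.authorize hunk further down. A refused authorization is the event a responder searches for, so the entry should name what was refused, for example `log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", resource, operation));`, which is the form AAclAuthz.checkPermission already uses. If authToken exposes a subject identifier, including it would make the entry attributable. authorize starts before this hunk.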
@@ -155,22 +154,23 @@ public class BasicAclAuthz extends AAclAuthz
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
+ String params[] = { expression };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
* This currently does not flush to permanent storage
+ *
* @param id is the resource id
- * @param strACLs
+ * @param strACLs
*/
public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ String desc) throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
// flushResourceACLs();
@@ -180,7 +180,7 @@ public class BasicAclAuthz extends AAclAuthz
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
@@ -198,7 +198,7 @@ public class BasicAclAuthz extends AAclAuthz
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
log(ILogger.LL_INFO, "shutting down");
@@ -206,6 +206,7 @@ public class BasicAclAuthz extends AAclAuthz
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -214,6 +215,6 @@ public class BasicAclAuthz extends AAclAuthz
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index 820bf97b..b2318e7e 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
import java.util.Enumeration;
import netscape.ldap.LDAPAttribute;
@@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class for ldap acls based authorization manager
* The ldap server used for acls is the cms internal ldap db.
- *
+ *
* @version $Revision$, $Date$
*/
public class DirAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+ implements IAuthzManager, IExtendedPluginInfo {
// members
@@ -76,21 +74,21 @@ public class DirAclAuthz extends AAclAuthz
static {
mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
- "LDAP host to connect to");
+ "LDAP host to connect to");
mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
- "LDAP port number (use 389, or 636 if SSL)");
+ "LDAP port number (use 389, or 636 if SSL)");
mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
- "Use SSL to connect to directory?");
+ "Use SSL to connect to directory?");
mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
- "LDAP protocol version");
+ "LDAP protocol version");
mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
- "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
- "might want to use 'o=NetscapeCertificateServer' here");
+ "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
+ "might want to use 'o=NetscapeCertificateServer' here");
mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
- "to keep open to directory server. Default 5.");
+ "to keep open to directory server. Default 5.");
mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
- +
- "pool can grow to this many (multiplexed) connections. Default 1000");
+ +
+ "pool can grow to this many (multiplexed) connections. Default 1000");
}
/**
@@ -104,14 +102,14 @@ public class DirAclAuthz extends AAclAuthz
* console.
*/
mConfigParams =
- new String[] {
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
+ new String[] {
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.basedn",
+ "ldap.minConns",
+ "ldap.maxConns",
};
}
@@ -119,7 +117,7 @@ public class DirAclAuthz extends AAclAuthz
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -154,7 +152,7 @@ public class DirAclAuthz extends AAclAuthz
CMS.debug("DirAclAuthz: about to ldap search aclResources");
try {
conn = getConn();
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
"cn=aclResources", null, false);
returnConn(conn);
@@ -165,7 +163,7 @@ public class DirAclAuthz extends AAclAuthz
LDAPAttribute aclRes = entry.getAttribute("resourceACLS");
@SuppressWarnings("unchecked")
- Enumeration<String> en = (Enumeration<String> )aclRes.getStringValues();
+ Enumeration<String> en = (Enumeration<String>) aclRes.getStringValues();
for (; en != null && en.hasMoreElements();) {
addACLs(en.nextElement());
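Review bot: `aclRes.getStringValues()` is called unconditionally on the result of `entry.getAttribute("resourceACLS")`, which may be null when the entry lacks that attribute, so the `en != null` test in the loop header is reached only after the dereference. An `aclResources` entry without the attribute would then end ACL loading with a NullPointerException instead of a logged configuration error; how the surrounding try block treats that is outside this hunk. Testing `aclRes != null` before the cast, and logging the DN of the entry that lacks the attribute, keeps the load result predictable and diagnosable.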
@@ -205,15 +203,16 @@ public class DirAclAuthz extends AAclAuthz
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -221,7 +220,7 @@ public class DirAclAuthz extends AAclAuthz
* @return authzToken
*/
public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -234,40 +233,37 @@ public class DirAclAuthz extends AAclAuthz
} catch (EACLsException e) {
// audit here later
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ String params[] = { resource, operation };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
-
+
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
+ String params[] = { expression };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
- * update acls. when memory update is done, flush to ldap.
+ * update acls. when memory update is done, flush to ldap.
* <p>
- * Currently, it is possible that when the memory is updated
- * successfully, and the ldap isn't, the memory upates lingers.
- * The result is that the changes will only be done on ldap at the
- * next update, or when the system shuts down, another flush will be
- * attempted.
+ * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
+ *
* @param id is the resource id
* @param rights The allowable rights for this resource
* @param strACLs has the same format as a resourceACLs entry acis
- * on the ldap server
+ * on the ldap server
* @param desc The description for this resource
*/
public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ String desc) throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
flushResourceACLs();
@@ -277,7 +273,7 @@ public class DirAclAuthz extends AAclAuthz
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
@@ -335,7 +331,7 @@ public class DirAclAuthz extends AAclAuthz
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
if (needsFlush) {
@@ -351,13 +347,14 @@ public class DirAclAuthz extends AAclAuthz
try {
mLdapConnFactory.reset();
mLdapConnFactory = null;
- } catch (ELdapException e) {
+ } catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
}
}
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -366,6 +363,6 @@ public class DirAclAuthz extends AAclAuthz
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
index 6fe802e7..19b6180d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -38,14 +37,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a Authority Information Access CRL extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSAuthInfoAccessExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
public static final String PROP_NUM_ADS = "numberOfAccessDescriptions";
public static final String PROP_ACCESS_METHOD = "accessMethod";
public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType";
@@ -62,7 +60,7 @@ public class CMSAuthInfoAccessExtension
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext;
authInfoAccessExt.setCritical(critical);
@@ -71,7 +69,7 @@ public class CMSAuthInfoAccessExtension
}
public Extension getCRLExtension(IConfigStore config, Object ip,
- boolean critical) {
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical);
@@ -138,7 +136,7 @@ public class CMSAuthInfoAccessExtension
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null) {
- accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+ accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
}
URIName uriName = new URIName(accessLocation);
authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName));
@@ -211,7 +209,7 @@ public class CMSAuthInfoAccessExtension
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null) {
- accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+ accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
}
nvp.add(PROP_ACCESS_LOCATION + i, accessLocation);
}
@@ -224,32 +222,32 @@ public class CMSAuthInfoAccessExtension
"critical;boolean;Set criticality for Authority Information Access extension.",
PROP_NUM_ADS + ";number;Set number of Access Descriptions.",
PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+ PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
+ PROP_DIRNAME + ");Select access location type.",
PROP_ACCESS_LOCATION + "0;string;Enter access location " +
- "corresponding to the selected access location type.",
+ "corresponding to the selected access location type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ ";configuration-ca-edit-crlextension-authorityinformationaccess",
PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+ PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
+ PROP_DIRNAME + ");Select access location type.",
PROP_ACCESS_LOCATION + "1;string;Enter access location " +
- "corresponding to the selected access location type.",
+ "corresponding to the selected access location type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ ";configuration-ca-edit-crlextension-authorityinformationaccess",
PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+ PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
+ PROP_DIRNAME + ");Select access location type.",
PROP_ACCESS_LOCATION + "2;string;Enter access location " +
- "corresponding to the selected access location type.",
+ "corresponding to the selected access location type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ ";configuration-ca-edit-crlextension-authorityinformationaccess",
IExtendedPluginInfo.HELP_TEXT +
- ";The Freshest CRL is a non critical CRL extension " +
- "that identifies the delta CRL distribution points for a particular CRL."
+ ";The Freshest CRL is a non critical CRL extension " +
+ "that identifies the delta CRL distribution points for a particular CRL."
};
return params;
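Review bot: The HELP_TEXT entry that closes this array describes the Freshest CRL extension ("identifies the delta CRL distribution points"), although the class and every other entry configure the Authority Information Access extension, so whoever reads this plugin help is told about the wrong extension. The string looks copied from another extension class and should be replaced with text for this one, e.g. `";The Authority Information Access extension indicates how to access information and services for the issuer of the CRL."`. HELP_TOKEN is also listed three times, once after each access-description group; whether the consumer of this array tolerates the duplicates is not visible here. The enclosing method starts before this hunk.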
@@ -257,6 +255,6 @@ public class CMSAuthInfoAccessExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSAuthInfoAccessExtension - " + msg);
+ "CMSAuthInfoAccessExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index 4cdb0bdc..89ededb6 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
@@ -43,21 +42,20 @@ import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents an authority key identifier extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSAuthorityKeyIdentifierExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSAuthorityKeyIdentifierExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
AuthorityKeyIdentifierExtension authKeyIdExt = null;
KeyIdentifier keyId = null;
GeneralNames names = null;
@@ -78,8 +76,8 @@ public class CMSAuthorityKeyIdentifierExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
AuthorityKeyIdentifierExtension authKeyIdExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -88,12 +86,12 @@ public class CMSAuthorityKeyIdentifierExtension
try {
X509CertInfo info = (X509CertInfo)
- ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
if (info != null) {
- CertificateExtensions caCertExtensions = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions caCertExtensions = (CertificateExtensions)
+ info.get(X509CertInfo.EXTENSIONS);
if (caCertExtensions != null) {
for (int i = 0; i < caCertExtensions.size(); i++) {
@@ -101,7 +99,7 @@ public class CMSAuthorityKeyIdentifierExtension
if (caCertExt instanceof SubjectKeyIdentifierExtension) {
SubjectKeyIdentifierExtension id =
- (SubjectKeyIdentifierExtension) caCertExt;
+ (SubjectKeyIdentifierExtension) caCertExt;
keyId = (KeyIdentifier)
id.get(SubjectKeyIdentifierExtension.KEY_ID);
@@ -148,11 +146,11 @@ public class CMSAuthorityKeyIdentifierExtension
"enable;boolean;Check to enable Authority Key Identifier CRL extension.",
"critical;boolean;Set criticality for Authority Key Identifier CRL extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authoritykeyidentifier",
+ ";configuration-ca-edit-crlextension-authoritykeyidentifier",
IExtendedPluginInfo.HELP_TEXT +
- ";The authority key identifier extension provides a means " +
- "of identifying the public key corresponding to the private " +
- "key used to sign a CRL."
+ ";The authority key identifier extension provides a means " +
+ "of identifying the public key corresponding to the private " +
+ "key used to sign a CRL."
};
return params;
@@ -160,6 +158,6 @@ public class CMSAuthorityKeyIdentifierExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSAuthorityKeyIdentifierExtension - " + msg);
+ "CMSAuthorityKeyIdentifierExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
index e4bb4cb6..e7f4e7b3 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a CRL number extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSCRLNumberExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCRLNumberExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
BigInteger crlNumber = null;
CRLNumberExtension crlNumberExt = null;
@@ -64,8 +62,8 @@ public class CMSCRLNumberExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
CRLNumberExtension crlNumberExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -92,11 +90,11 @@ public class CMSCRLNumberExtension
"enable;boolean;Check to enable CRL Number extension.",
"critical;boolean;Set criticality for CRL Number extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlnumber",
+ ";configuration-ca-edit-crlextension-crlnumber",
IExtendedPluginInfo.HELP_TEXT +
- ";The CRL number is a non-critical CRL extension " +
- "which conveys a monotonically increasing sequence number " +
- "for each CRL issued by a CA"
+ ";The CRL number is a non-critical CRL extension " +
+ "which conveys a monotonically increasing sequence number " +
+ "for each CRL issued by a CA"
};
return params;
@@ -104,6 +102,6 @@ public class CMSCRLNumberExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLNumberExtension - " + msg);
+ "CMSCRLNumberExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
index 245428a6..6ed993d5 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a CRL reason extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSCRLReasonExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCRLReasonExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
RevocationReason reason = null;
CRLReasonExtension crlReasonExt = null;
@@ -61,8 +59,8 @@ public class CMSCRLReasonExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object crlIssuingPoint,
- boolean critical) {
+ Object crlIssuingPoint,
+ boolean critical) {
CRLReasonExtension crlReasonExt = null;
return crlReasonExt;
@@ -82,10 +80,10 @@ public class CMSCRLReasonExtension
"enable;boolean;Check to enable reason code CRL entry extension.",
"critical;boolean;Set criticality for reason code CRL entry extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlreason",
+ ";configuration-ca-edit-crlextension-crlreason",
IExtendedPluginInfo.HELP_TEXT +
- ";The CRL reason code is a non-critical CRL entry extension " +
- "that identifies the reason for the certificate revocation."
+ ";The CRL reason code is a non-critical CRL entry extension " +
+ "that identifies the reason for the certificate revocation."
};
return params;
@@ -93,6 +91,6 @@ public class CMSCRLReasonExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLReasonExtension - " + msg);
+ "CMSCRLReasonExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
index 601e15d2..68d6128d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,18 +39,18 @@ import com.netscape.certsrv.logging.ILogger;
/**
* This represents a certificate issuer extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSCertificateIssuerExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCertificateIssuerExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
CertificateIssuerExtension certIssuerExt = null;
GeneralNames names = null;
@@ -67,8 +66,8 @@ public class CMSCertificateIssuerExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
CertificateIssuerExtension certIssuerExt = null;
int numNames = 0;
@@ -207,10 +206,10 @@ public class CMSCertificateIssuerExtension
"nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.",
"name2;string;Enter Certificate Issuer name corresponding to the selected name type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-certificateissuer",
+ ";configuration-ca-edit-crlextension-certificateissuer",
IExtendedPluginInfo.HELP_TEXT +
- ";This CRL entry extension identifies the certificate issuer" +
- " associated with an entry in an indirect CRL."
+ ";This CRL entry extension identifies the certificate issuer" +
+ " associated with an entry in an indirect CRL."
};
return params;
@@ -219,4 +218,4 @@ public class CMSCertificateIssuerExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
index 35d21e5c..8672502a 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a delta CRL indicator extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSDeltaCRLIndicatorExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSDeltaCRLIndicatorExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
BigInteger baseCRLNumber = null;
DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
@@ -65,8 +63,8 @@ public class CMSDeltaCRLIndicatorExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -94,10 +92,10 @@ public class CMSDeltaCRLIndicatorExtension
"enable;boolean;Check to enable Delta CRL Indicator extension.",
"critical;boolean;Set criticality for Delta CRL Indicator extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlnumber",
+ ";configuration-ca-edit-crlextension-crlnumber",
IExtendedPluginInfo.HELP_TEXT +
- ";The Delta CRL Indicator is a critical CRL extension " +
- "which identifies a delta-CRL."
+ ";The Delta CRL Indicator is a critical CRL extension " +
+ "which identifies a delta-CRL."
};
return params;
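Review bot: The `HELP_TOKEN` entry in this array is `;configuration-ca-edit-crlextension-crlnumber`, the same token the CRL Number extension uses, so the console help for the Delta CRL Indicator presumably opens the CRL Number topic. If a dedicated help topic exists, this entry should name it; the reformat carried the string over unchanged. The CMSFreshestCRLExtension hunk further down shows a similar pattern: it lists `HELP_TOKEN` three times, each with the `issuingdistributionpoint` token. The method that builds the array starts outside the hunk.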
@@ -105,7 +103,6 @@ public class CMSDeltaCRLIndicatorExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSDeltaCRLIndicatorExtension - " + msg);
+ "CMSDeltaCRLIndicatorExtension - " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
index 86bdd05e..38eb7a1c 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,14 +39,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a freshest CRL extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSFreshestCRLExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
public static final String PROP_NUM_POINTS = "numPoints";
public static final String PROP_POINTTYPE = "pointType";
public static final String PROP_POINTNAME = "pointName";
@@ -60,7 +58,7 @@ public class CMSFreshestCRLExtension
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext;
freshestCRLExt.setCritical(critical);
@@ -69,7 +67,7 @@ public class CMSFreshestCRLExtension
}
public Extension getCRLExtension(IConfigStore config, Object ip,
- boolean critical) {
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
FreshestCRLExtension freshestCRLExt = null;
@@ -159,7 +157,7 @@ public class CMSFreshestCRLExtension
numPoints = config.getInteger(PROP_NUM_POINTS, 0);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " +
- "Freshest CRL extension - " + e);
+ "Freshest CRL extension - " + e);
}
nvp.add(PROP_NUM_POINTS, String.valueOf(numPoints));
@@ -204,26 +202,26 @@ public class CMSFreshestCRLExtension
"critical;boolean;Set criticality for Freshest CRL extension.",
PROP_NUM_POINTS + ";number;Set number of CRL distribution points.",
PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
+ ");Select CRL distribution point name type.",
PROP_POINTNAME + "0;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
+ "corresponding to the selected point type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ ";configuration-ca-edit-crlextension-issuingdistributionpoint",
PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
+ ");Select CRL distribution point name type.",
PROP_POINTNAME + "1;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
+ "corresponding to the selected point type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ ";configuration-ca-edit-crlextension-issuingdistributionpoint",
PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
+ ");Select CRL distribution point name type.",
PROP_POINTNAME + "2;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
+ "corresponding to the selected point type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ ";configuration-ca-edit-crlextension-issuingdistributionpoint",
IExtendedPluginInfo.HELP_TEXT +
- ";The Freshest CRL is a non critical CRL extension " +
- "that identifies the delta CRL distribution points for a particular CRL."
+ ";The Freshest CRL is a non critical CRL extension " +
+ "that identifies the delta CRL distribution points for a particular CRL."
};
return params;
@@ -231,6 +229,6 @@ public class CMSFreshestCRLExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSFreshestCRLExtension - " + msg);
+ "CMSFreshestCRLExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
index e0e39b8a..45aa5038 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,14 +35,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a hold instruction extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSHoldInstructionExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
public static final String PROP_INSTR = "instruction";
public static final String PROP_INSTR_NONE = "none";
public static final String PROP_INSTR_CALLISSUER = "callissuer";
@@ -55,12 +53,12 @@ public class CMSHoldInstructionExtension
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
HoldInstructionExtension holdInstrExt = null;
try {
ObjectIdentifier holdInstr =
- ((HoldInstructionExtension) ext).getHoldInstructionCode();
+ ((HoldInstructionExtension) ext).getHoldInstructionCode();
holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
holdInstr);
@@ -71,8 +69,8 @@ public class CMSHoldInstructionExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
HoldInstructionExtension holdInstrExt = null;
String instruction = null;
@@ -121,8 +119,7 @@ public class CMSHoldInstructionExtension
}
if (instruction != null) {
if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) ||
- instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||
- instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
+ instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
instruction = PROP_INSTR_NONE;
}
} else {
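Review bot: The reformatted condition now puts the `PROP_INSTR_CALLISSUER` and `PROP_INSTR_REJECT` comparisons on one long line, which makes the allow-list of accepted hold instructions harder to scan than the one-per-line layout it replaced. Keeping one comparison per line reads better: `instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||` followed by `instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {`. A short comment such as `// any value outside the three known instructions falls back to "none"` would also document the fallback on the next line. The enclosing method starts and ends outside the hunk.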
@@ -138,14 +135,14 @@ public class CMSHoldInstructionExtension
"enable;boolean;Check to enable Hold Instruction CRL entry extension.",
"critical;boolean;Set criticality for Hold Instruction CRL entry extension.",
PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," +
- PROP_INSTR_REJECT + ");Select hold instruction code.",
+ PROP_INSTR_REJECT + ");Select hold instruction code.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-holdinstruction",
+ ";configuration-ca-edit-crlextension-holdinstruction",
IExtendedPluginInfo.HELP_TEXT +
- ";The hold instruction code is a non-critical CRL entry " +
- "extension that provides a registered instruction identifier " +
- "which indicates the action to be taken after encountering " +
- "a certificate that has been placed on hold."
+ ";The hold instruction code is a non-critical CRL entry " +
+ "extension that provides a registered instruction identifier " +
+ "which indicates the action to be taken after encountering " +
+ "a certificate that has been placed on hold."
};
return params;
@@ -153,6 +150,6 @@ public class CMSHoldInstructionExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSHoldInstructionExtension - " + msg);
+ "CMSHoldInstructionExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
index c0c62244..083873c3 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a invalidity date extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSInvalidityDateExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSInvalidityDateExtension() {
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
InvalidityDateExtension invalidityDateExt = null;
try {
@@ -62,8 +60,8 @@ public class CMSInvalidityDateExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object crlIssuingPoint,
- boolean critical) {
+ Object crlIssuingPoint,
+ boolean critical) {
InvalidityDateExtension invalidityDateExt = null;
return invalidityDateExt;
@@ -83,12 +81,12 @@ public class CMSInvalidityDateExtension
"enable;boolean;Check to enable Invalidity Date CRL entry extension.",
"critical;boolean;Set criticality for Invalidity Date CRL entry extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-invaliditydate",
+ ";configuration-ca-edit-crlextension-invaliditydate",
IExtendedPluginInfo.HELP_TEXT +
- ";The invalidity date is a non-critical CRL entry extension " +
- "that provides the date on which it is known or suspected " +
- "that the private key was compromised or that the certificate" +
- " otherwise became invalid."
+ ";The invalidity date is a non-critical CRL entry extension " +
+ "that provides the date on which it is known or suspected " +
+ "that the private key was compromised or that the certificate" +
+ " otherwise became invalid."
};
return params;
@@ -96,6 +94,6 @@ public class CMSInvalidityDateExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSInvalidityDateExtension - " + msg);
+ "CMSInvalidityDateExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
index 9ca9d5d2..204048c9 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Locale;
@@ -47,14 +46,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a issuer alternative name extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSIssuerAlternativeNameExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
private static final String PROP_RFC822_NAME = "rfc822Name";
private static final String PROP_DNS_NAME = "dNSName";
private static final String PROP_DIR_NAME = "directoryName";
@@ -70,7 +68,7 @@ public class CMSIssuerAlternativeNameExtension
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
IssuerAlternativeNameExtension issuerAltNameExt = null;
GeneralNames names = null;
@@ -84,8 +82,8 @@ public class CMSIssuerAlternativeNameExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
IssuerAlternativeNameExtension issuerAltNameExt = null;
int numNames = 0;
@@ -196,7 +194,7 @@ public class CMSIssuerAlternativeNameExtension
numNames = config.getInteger("numNames", 0);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " +
- "IssuerAlternativeName extension - " + e);
+ "IssuerAlternativeName extension - " + e);
}
nvp.add("numNames", String.valueOf(numNames));
@@ -207,10 +205,10 @@ public class CMSIssuerAlternativeNameExtension
nameType = config.getString("nameType" + i);
} catch (EPropertyNotFound e) {
log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ "CRL IssuerAlternativeName extension - " + e);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ "CRL IssuerAlternativeName extension - " + e);
}
if (nameType != null && nameType.length() > 0) {
@@ -225,10 +223,10 @@ public class CMSIssuerAlternativeNameExtension
name = config.getString("name" + i);
} catch (EPropertyNotFound e) {
log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ "CRL IssuerAlternativeName extension - " + e);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ "CRL IssuerAlternativeName extension - " + e);
}
if (name != null && name.length() > 0) {
@@ -254,22 +252,22 @@ public class CMSIssuerAlternativeNameExtension
"critical;boolean;Set criticality for Issuer Alternative Name CRL extension.",
"numNames;number;Set number of alternative names for the CRL issuer.",
"nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+ PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
"name0;string;Enter Issuer Alternative Name corresponding to the selected name type.",
"nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+ PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
"name1;string;Enter Issuer Alternative Name corresponding to the selected name type.",
"nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+ PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
"name2;string;Enter Issuer Alternative Name corresponding to the selected name type.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issueralternativename",
+ ";configuration-ca-edit-crlextension-issueralternativename",
IExtendedPluginInfo.HELP_TEXT +
- ";The issuer alternative names extension allows additional" +
- " identities to be associated with the issuer of the CRL."
+ ";The issuer alternative names extension allows additional" +
+ " identities to be associated with the issuer of the CRL."
};
return params;
@@ -277,6 +275,6 @@ public class CMSIssuerAlternativeNameExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSIssuerAlternativeNameExtension - " + msg);
+ "CMSIssuerAlternativeNameExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
index ccc5b64d..3df24330 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -43,14 +42,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a issuing distribution point extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSIssuingDistributionPointExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+ implements ICMSCRLExtension, IExtendedPluginInfo {
public static final String PROP_POINTTYPE = "pointType";
public static final String PROP_POINTNAME = "pointName";
public static final String PROP_DIRNAME = "DirectoryName";
@@ -61,14 +59,14 @@ public class CMSIssuingDistributionPointExtension
public static final String PROP_INDIRECT = "indirectCRL";
public static final String PROP_REASONS = "onlySomeReasons";
- private static final String[] reasonFlags = {"unused",
+ private static final String[] reasonFlags = { "unused",
"keyCompromise",
"cACompromise",
"affiliationChanged",
"superseded",
"cessationOfOperation",
"certificateHold",
- "privilegeWithdrawn"};
+ "privilegeWithdrawn" };
private ILogger mLogger = CMS.getLogger();
@@ -76,9 +74,9 @@ public class CMSIssuingDistributionPointExtension
}
public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ boolean critical) {
IssuingDistributionPointExtension issuingDPointExt =
- (IssuingDistributionPointExtension) ext;
+ (IssuingDistributionPointExtension) ext;
issuingDPointExt.setCritical(critical);
@@ -86,8 +84,8 @@ public class CMSIssuingDistributionPointExtension
}
public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ Object ip,
+ boolean critical) {
CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -164,7 +162,7 @@ public class CMSIssuingDistributionPointExtension
}
if (reasons != null && reasons.length() > 0) {
- boolean[] bits = {false, false, false, false, false, false, false};
+ boolean[] bits = { false, false, false, false, false, false, false };
int k = 0;
StringTokenizer st = new StringTokenizer(reasons, ",");
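Review bot: `bits` is declared with seven elements, while the `reasonFlags` table near the top of the class lists eight names, `unused` through `privilegeWithdrawn`. The loop that fills `bits` is outside the hunk, so this is inferred: if it indexes `bits` by a name's position in `reasonFlags`, a configured `privilegeWithdrawn` would index past the end of the array. Sizing the array from the table, `boolean[] bits = new boolean[reasonFlags.length];`, keeps the two in step.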
@@ -275,25 +273,25 @@ public class CMSIssuingDistributionPointExtension
log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
}
// Disable these for now unitl we support them fully
-/*
- try {
- boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
- nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
- } catch (EBaseException e) {
- nvp.add(PROP_USERCERTS, "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
- }
+ /*
+ try {
+ boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
+
+ nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
+ } catch (EBaseException e) {
+ nvp.add(PROP_USERCERTS, "false");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
+ }
- try {
- boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+ try {
+ boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
- nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
- } catch (EBaseException e) {
- nvp.add(PROP_INDIRECT, "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
- }
-*/
+ nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
+ } catch (EBaseException e) {
+ nvp.add(PROP_INDIRECT, "false");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
+ }
+ */
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -310,20 +308,20 @@ public class CMSIssuingDistributionPointExtension
"enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
"critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
- PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
+ PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
- "corresponding to the selected point type.",
+ "corresponding to the selected point type.",
PROP_REASONS + ";string;Select any combination of the following reasons: " +
- sb_reasons.toString(),
+ sb_reasons.toString(),
PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
- // Remove these from the UI until they can be supported fully.
- // PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
- // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
+ // Remove these from the UI until they can be supported fully.
+ // PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
+ // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ ";configuration-ca-edit-crlextension-issuingdistributionpoint",
IExtendedPluginInfo.HELP_TEXT +
- ";The issuing distribution point is a critical CRL extension " +
- "that identifies the CRL distribution point for a particular CRL."
+ ";The issuing distribution point is a critical CRL extension " +
+ "that identifies the CRL distribution point for a particular CRL."
};
return params;
@@ -331,6 +329,6 @@ public class CMSIssuingDistributionPointExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSIssuingDistributionPointExtension - " + msg);
+ "CMSIssuingDistributionPointExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d026cdba..530ca944 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a group acls evaluator.
* <P>
@@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("GroupAccessEvaluator: init");
@@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "group" or "at_group"
*/
public String getType() {
@@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -86,13 +86,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* evaluates uid in AuthToken to see if it has membership in
- * group value
+ * group value
+ *
* @param authToken authentication token
* @param type must be "at_group"
* @param op must be "="
* @param value the group name
* @return true if AuthToken uid belongs to the group value,
- * false otherwise
+ * false otherwise
*/
public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
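Review bot: The Javadoc for this `evaluate` overload says `op must be "="`, but the body in the following hunk also handles `!=`. It also describes a uid membership check, although the body first decides on the token's `gid` value and only falls back to a user-group lookup when the token carries no `gid`. For an access-control evaluator that difference is worth documenting: `@param op "=" or "!="`, plus a sentence stating that a `gid` in the auth token takes precedence over the lookup by uid. The Javadoc of the `evaluate(String type, String op, String value)` overload further down has the same `op must be "="` wording; its body is mostly outside this view.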
@@ -104,17 +105,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
if (uid == null) {
uid = authToken.getInString("uid");
if (uid == null) {
- CMS.debug("GroupAccessEvaluator: evaluate: uid null");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
- return false;
+ CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
+ return false;
}
}
- CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
+ CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value);
String groupname = authToken.getInString("gid");
if (groupname != null) {
- CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
+ CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname);
if (op.equals("=")) {
return groupname.equals(Utils.stripQuotes(value));
} else if (op.equals("!=")) {
@@ -123,12 +124,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
} else {
CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
IUser id = null;
- try {
- id = mUG.getUser(uid);
- } catch (EBaseException e) {
+ try {
+ id = mUG.getUser(uid);
+ } catch (EBaseException e) {
CMS.debug("GroupAccessEvaluator: " + e.toString());
return false;
- }
+ }
if (op.equals("=")) {
return mUG.isMemberOf(id, Utils.stripQuotes(value));
@@ -143,12 +144,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* evaluates uid in SessionContext to see if it has membership in
- * group value
+ * group value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
* @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * false otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -161,12 +163,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
return false;
}
- if (op.equals("="))
+ if (op.equals("="))
return mUG.isMemberOf(id, Utils.stripQuotes(value));
else
return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-
- }
+
+ }
return false;
}
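Review bot: In `evaluate(String type, String op, String value)` the bare `else` after `if (op.equals("="))` treats every operator other than "=" as a negated membership test, so a mistyped operator in an ACL entry is evaluated as "!=" instead of being rejected. The AuthToken variant in this file (hunk at -104,17) tests `else if (op.equals("!="))` explicitly; doing the same here would let unknown operators reach the existing `return false;`. The same bare `else` appears in IPAddressAccessEvaluator's `evaluate(String, String, String)` (hunk at -106,13). The method body starts outside this hunk.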
@@ -175,7 +177,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ level, "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index a5c99eeb..17d38368 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a IP address acls evaluator.
* <P>
@@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
}
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: ipaddress
*/
public String getType() {
@@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -75,6 +75,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* Gets the IP address from session context
+ *
* @param authToken authentication token
* @param type must be "ipaddress"
* @param op must be "=" or "!="
@@ -87,12 +88,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* evaluates uid in SessionContext to see if it has membership in
- * group value
+ * group value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
* @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * false otherwise
*/
public boolean evaluate(String type, String op, String value) {
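Review bot: The Javadoc re-indented here still describes the group evaluator: it talks about uid membership in a group and states `@param type must be "group"`, although this is IPAddressAccessEvaluator and the body (hunk at -106,13) compares an `ipaddress` string with `value`. Since the commit already edits this comment, I would change the summary to `evaluates the IP address in SessionContext against value` and the first tag to `@param type must be "ipaddress"`. The `op` and `value` tags should follow the sibling method's wording (`"=" or "!="`, the address to match). ACL authors read this text to learn what a rule matches, so the mismatch is worth fixing.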
@@ -106,13 +108,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
return false;
}
- if (op.equals("=")) {
+ if (op.equals("=")) {
return ipaddress.matches(value);
} else {
return !(ipaddress.matches(value));
}
-
- }
+
+ }
return false;
}
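Review bot: `ipaddress.matches(value)` hands the ACL value to `String.matches`, which compiles it as a regular expression, and in the lines shown the value is not passed through `Utils.stripQuotes` as the other evaluators in this package do. A value that is not a valid pattern throws an unchecked `PatternSyntaxException` out of the access check, and metacharacters such as `.` are not literal. If pattern matching is intended, the Javadoc should say so and tell ACL authors to escape dots. If a literal comparison is intended, `return ipaddress.equals(Utils.stripQuotes(value));` is the direct form. The method body starts outside this hunk.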
@@ -121,6 +123,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ level, "GroupAccessEvaluator: " + msg);
}
}
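Review bot: The log prefix on the re-indented line is `"GroupAccessEvaluator: "`, but this is the `log` method of IPAddressAccessEvaluator. ACL failures logged through it (for example `EVALUATOR_IPADDRESS_NULL` in the hunk at -106,13) are therefore attributed to the wrong evaluator in the system log. I would change the line to `level, "IPAddressAccessEvaluator: " + msg);`. The method signature is outside this hunk.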
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 4b6b5677..bf7727c9 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a user acls evaluator.
* <P>
@@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserAccessEvaluator: init");
@@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user" or "at_user"
*/
public String getType() {
@@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -80,6 +80,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_user"
* @param op must be "="
@@ -92,9 +93,9 @@ public class UserAccessEvaluator implements IAccessEvaluator {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
@@ -108,13 +109,14 @@ public class UserAccessEvaluator implements IAccessEvaluator {
return s.equalsIgnoreCase(uid);
else if (op.equals("!="))
return !(s.equalsIgnoreCase(uid));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user"
* @param op must be "="
* @param value the user id
@@ -145,7 +147,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserAccessEvaluator: " + msg);
+ level, "UserAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index b1b406c0..442828e7 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,10 +25,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal. During renewal, the orig_req
+ * This is primarily used for renewal. During renewal, the orig_req
* uid is placed in the SessionContext of the renewal session context
* to be evaluated by this evaluator
* <P>
@@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
*/
public String getType() {
@@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -84,6 +84,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_userreq"
* @param op must be "="
@@ -96,9 +97,9 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
@@ -107,30 +108,31 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
return false;
} else
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid);
// find value of param in request
SessionContext mSC = SessionContext.getContext();
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext");
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req."+s);
+ String orig_id = (String) mSC.get("orig_req." + s);
if (orig_id == null) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
return false;
}
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id);
if (op.equals("="))
return uid.equalsIgnoreCase(orig_id);
else if (op.equals("!="))
return !(uid.equalsIgnoreCase(orig_id));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user_origreq"
* @param op must be "="
* @param value the user id
@@ -141,7 +143,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
SessionContext mSC = SessionContext.getContext();
if (type.equals(mType)) {
-// what do I do with s here?
+ // what do I do with s here?
String s = Utils.stripQuotes(value);
if (s.equals(ANYBODY) && op.equals("="))
@@ -149,7 +151,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
IUser id = (IUser) mSC.get(SessionContext.USER);
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req"+s);
+ String orig_id = (String) mSC.get("orig_req" + s);
if (op.equals("="))
return id.getName().equalsIgnoreCase(orig_id);
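Review bot: The session-context key is built as `"orig_req" + s` with no dot, while the comment directly above names `orig_req.auth_token.uid` and the AuthToken variant in this file (hunk at -107,30) uses `"orig_req." + s`. Unless ACL values for this type start with a dot, the lookup returns null and the "=" comparison can never succeed. I would change it to `String orig_id = (String) mSC.get("orig_req." + s);`. No null check on `id` is visible before `id.getName()`, so a session without `SessionContext.USER` would throw there. The AuthToken variant returns false when `orig_id` is null, and the same guard would fit here. The method starts and ends outside this hunk.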
diff --git a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
index 8488ec2d..5b8176da 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.io.IOException;
import java.util.Hashtable;
@@ -36,11 +35,10 @@ import com.netscape.certsrv.notification.IEmailTemplate;
import com.netscape.certsrv.notification.IMailNotification;
import com.netscape.certsrv.request.IRequest;
-
/**
* This abstract class is a base job for real job extentions for the
- * Jobs Scheduler.
- *
+ * Jobs Scheduler.
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
*/
@@ -81,8 +79,9 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* tells if the job is enabled
+ *
* @return a boolean value indicating whether the job is enabled
- * or not
+ * or not
*/
public boolean isEnabled() {
boolean enabled = false;
@@ -98,16 +97,17 @@ public abstract class AJobBase implements IJob, Runnable {
* abstract methods
***********************/
public abstract void init(ISubsystem owner, String id, String implName, IConfigStore
- config) throws EBaseException;
+ config) throws EBaseException;
public abstract void run();
/***********************
* public methods
***********************/
-
+
/**
* get instance id.
+ *
* @return a String identifier
*/
public String getId() {
@@ -116,6 +116,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* set instance id.
+ *
* @param id String id of the instance
*/
public void setId(String id) {
@@ -124,6 +125,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* get cron string associated with this job
+ *
* @return a JobCron object that represents the schedule of this job
*/
public IJobCron getJobCron() {
@@ -132,6 +134,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* gets the plugin name of this job.
+ *
* @return a String that is the name of this implementation
*/
public String getImplName() {
@@ -140,6 +143,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* Gets the configuration substore used by this job
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -193,29 +197,29 @@ public abstract class AJobBase implements IJob, Runnable {
} catch (ENotificationException e) {
// already logged, lets audit
mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
} catch (IOException e) {
// already logged, lets audit
mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
}
}
protected void buildItemParams(X509CertImpl cert) {
mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) cert.getSerialNumber().toString());
+ (Object) cert.getSerialNumber().toString());
mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) cert.getSerialNumber().toString(16));
+ (Object) cert.getSerialNumber().toString(16));
mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) cert.getIssuerDN().toString());
+ (Object) cert.getIssuerDN().toString());
mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) cert.getSubjectDN().toString());
+ (Object) cert.getSubjectDN().toString());
mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
- (Object) cert.getNotAfter().toString());
+ (Object) cert.getNotAfter().toString());
mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
- (Object) cert.getNotBefore().toString());
+ (Object) cert.getNotBefore().toString());
// ... and more
}
@@ -258,7 +262,8 @@ public abstract class AJobBase implements IJob, Runnable {
}
/**
- * logs an entry in the log file. Used by classes extending this class.
+ * logs an entry in the log file. Used by classes extending this class.
+ *
* @param level log level
* @param msg log message in String
*/
@@ -266,21 +271,21 @@ public abstract class AJobBase implements IJob, Runnable {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, mId + ": " + msg);
+ level, mId + ": " + msg);
}
/**
- * capable of logging multiline entry in the log file. Used by classes extending this class.
+ * capable of logging multiline entry in the log file. Used by classes extending this class.
+ *
* @param level log level
* @param msg log message in String
* @param multiline boolean indicating whether the message is a
- * multi-lined message.
+ * multi-lined message.
*/
public void log(int level, String msg, boolean multiline) {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, mId + ": " + msg, multiline);
+ level, mId + ": " + msg, multiline);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
index a23cc1f3..29c5f21a 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -46,38 +45,25 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
-
/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
+ * a job for the Jobs Scheduler. This job checks in the internal ldap
* db for valid certs that have not been published to the
* publishing directory.
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
* </UL>
* and for the inner list items:
* <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
- * $CertType
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class PublishCertsJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
-
+ implements IJob, Runnable, IExtendedPluginInfo {
+
ICertificateAuthority mCa = null;
IRequestQueue mReqQ = null;
ICertificateRepository mRepository = null;
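Review bot: The two `<UL>` token lists in the class Javadoc were joined onto single lines by this reformat, because the entries have no `<LI>` tags to keep them apart. The result is harder to read in source and renders as one run of text. Prefixing each token with `<LI>`, as RenewalNotificationJob's Javadoc does (`* <LI>$HttpHost`), keeps one token per line and survives the formatter.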
@@ -90,15 +76,15 @@ public class PublishCertsJob extends AJobBase
* console.
*/
protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.itemTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
+ new String[] {
+ "enabled",
+ "cron",
+ "summary.enabled",
+ "summary.emailSubject",
+ "summary.emailTemplate",
+ "summary.itemTemplate",
+ "summary.senderEmail",
+ "summary.recipientEmail"
};
/* Vector of extendedPluginInfo strings */
@@ -110,24 +96,24 @@ public class PublishCertsJob extends AJobBase
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for valid certificates in the " +
- "database, that have not been published and publish them to " +
- "the publishing directory",
+ "; A job that checks for valid certificates in the " +
+ "database, that have not been published and publish them to " +
+ "the publishing directory",
"cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
"summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
"summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
"summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
+ "template file of email to be sent",
"summary.itemTemplate;string;Fully qualified pathname of " +
- "file containing template for each item",
+ "file containing template for each item",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-unpublishexpiredjobs",
+ ";configuration-jobrules-unpublishexpiredjobs",
};
return s;
@@ -151,13 +137,13 @@ public class PublishCertsJob extends AJobBase
mReqQ = mCa.getRequestQueue();
mRepository = (ICertificateRepository) mCa.getCertificateRepository();
mPublisherProcessor = mCa.getPublisherProcessor();
-
+
// read from the configuration file
mCron = mConfig.getString(IJobCron.PROP_CRON);
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -182,12 +168,12 @@ public class PublishCertsJob extends AJobBase
* look in the internal db for certificateRecords that are
* valid but not published
* The publish() method should set <b>InLdapPublishDir</b> flag accordingly.
- * if publish unsuccessfully, log it -- unsuccessful certs should be
- * picked up and attempted again at the next scheduled run
+ * if publish unsuccessfully, log it -- unsuccessful certs should be
+ * picked up and attempted again at the next scheduled run
*/
public void run() {
- CMS.debug("in PublishCertsJob "+
- getId()+ " : run()");
+ CMS.debug("in PublishCertsJob " +
+ getId() + " : run()");
// get time now..."now" is before the loop
Date date = CMS.getCurrentDate();
long now = date.getTime();
@@ -196,8 +182,8 @@ public class PublishCertsJob extends AJobBase
// form filter
String filter = // might need to use "metaInfo"
- "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
- ":true))";
+ "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+ ":true))";
Enumeration unpublishedCerts = null;
@@ -225,28 +211,29 @@ public class PublishCertsJob extends AJobBase
itemForm = getTemplateContent(mItemForm);
}
- // filter out the invalid ones and publish them
+ // filter out the invalid ones and publish them
// publish() will set inLdapPublishDir flag
while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) {
ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement();
- if (rec == null) break;
+ if (rec == null)
+ break;
X509CertImpl cert = rec.getCertificate();
- Date notBefore = cert.getNotBefore();
- Date notAfter = cert.getNotAfter();
+ Date notBefore = cert.getNotBefore();
+ Date notAfter = cert.getNotAfter();
- // skip CA certs
- if (cert.getBasicConstraintsIsCA() == true)
- continue;
+ // skip CA certs
+ if (cert.getBasicConstraintsIsCA() == true)
+ continue;
- // skip the expired certs
- if (notAfter.before(date))
- continue;
+ // skip the expired certs
+ if (notAfter.before(date))
+ continue;
if (mSummary == true)
buildItemParams(cert);
- // get request id from cert record MetaInfo
+ // get request id from cert record MetaInfo
MetaInfo minfo = null;
try {
@@ -255,42 +242,42 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_INFO_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_INFO_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
String ridString = null;
try {
if (minfo != null)
- ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
} catch (EBaseException e) {
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
} catch (NullPointerException e) {
// no requestId in MetaInfo...skip to next record
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
// get request from request id
IRequest req = null;
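Review bot: The catch blocks in this hunk add to `negCount` and set the item status to failure but do not skip the record. Control then reaches the `ridString == null` branch (hunk at -325,22), where the same certificate can still be published and added to `count`. The summary total `count + negCount` would then count that certificate twice and report both a failure and a success for it. If a metadata error should skip the record, add `continue;` after each `log(...)` call; if publishing should still be attempted, drop the `negCount += 1;` here. The `catch (NullPointerException e)` also looks redundant next to the `if (minfo != null)` guard and may hide an unrelated defect. The loop body starts outside this hunk.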
@@ -304,19 +291,19 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
try {
if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
+ mPublisherProcessor.enabled()) {
mPublisherProcessor.publishCert((X509Certificate) cert, req);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -325,22 +312,22 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_PUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
} // ridString != null
else {
try {
if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
+ mPublisherProcessor.enabled()) {
mPublisherProcessor.publishCert((X509Certificate) cert, null);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -350,12 +337,12 @@ public class PublishCertsJob extends AJobBase
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
+ STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_PUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
} // ridString == null
@@ -365,7 +352,7 @@ public class PublishCertsJob extends AJobBase
// if summary is enabled, form the item content
if (mSummary) {
IEmailFormProcessor emailItemFormProcessor =
- CMS.getEmailFormProcessor();
+ CMS.getEmailFormProcessor();
String c = emailItemFormProcessor.getEmailContent(itemForm,
mItemParams);
@@ -381,36 +368,35 @@ public class PublishCertsJob extends AJobBase
// time for summary
if (mSummary == true) {
buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- itemListContent);
+ itemListContent);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count + negCount));
+ String.valueOf(count + negCount));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(count));
+ String.valueOf(count));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(negCount));
+ String.valueOf(negCount));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ nowString);
IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
- mContentParams);
+ emailFormProcessor.getEmailContent(contentForm,
+ mContentParams);
mailSummary(mailContent);
}
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
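Review bot: `getConfigParams()` returns the `mConfigParams` array itself, and the field is declared `protected static String[]` without `final` (hunk at -90,15). Any caller or subclass can therefore alter the parameter list that every instance hands to the configuration console. I would return a copy, `return mConfigParams.clone();`, and declare the field `protected static final String[] mConfigParams`. RenewalNotificationJob declares the same field the same way (hunk at -159,44).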
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
index 8649cf23..2a3fffed 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.io.IOException;
import java.text.DateFormat;
import java.util.Calendar;
@@ -49,12 +48,11 @@ import com.netscape.certsrv.notification.IMailNotification;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
-
/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
+ * A job for the Jobs Scheduler. This job checks in the internal ldap
* db for certs about to expire within the next configurable days and
* sends email notifications to the appropriate recipients.
- *
+ *
* the $TOKENS that are available for the this jobs's summary outer form are:<br
>
* <UL>
@@ -79,14 +77,14 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$HttpHost
* <LI>$HttpPort
* </UL>
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
* @see com.netscape.cms.jobs.AJobBase
*/
-public class RenewalNotificationJob
- extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
+public class RenewalNotificationJob
+ extends AJobBase
+ implements IJob, Runnable, IExtendedPluginInfo {
// config parameters...
public static final String PROP_CRON = "cron";
@@ -98,14 +96,14 @@ public class RenewalNotificationJob
/**
* This job will send notification at this much time before the
- * enpiration date
+ * enpiration date
*/
public static final String PROP_NOTIFYTRIGGEROFFSET =
- "notifyTriggerOffset";
+ "notifyTriggerOffset";
/**
* This job will stop sending notification this much time after
- * the expiration date
+ * the expiration date
*/
public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset";
@@ -113,13 +111,13 @@ public class RenewalNotificationJob
* sender email address as appeared on the notification email
*/
public static final String PROP_SENDEREMAIL =
- "senderEmail";
+ "senderEmail";
/**
* email subject line as appeared on the notification email
*/
public static final String PROP_EMAILSUBJECT =
- "emailSubject";
+ "emailSubject";
/**
* location of the template file used for email notification
@@ -149,7 +147,7 @@ public class RenewalNotificationJob
/**
* location of the template file for each item appeared on the
- * notification summary
+ * notification summary
*/
public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate";
@@ -159,44 +157,44 @@ public class RenewalNotificationJob
* for instances of this implementation can be configured through the
* console.
*/
- protected static String[] mConfigParams =
- new String[] {
- "enabled",
- PROP_CRON,
- PROP_PROFILE_ID,
- PROP_NOTIFYTRIGGEROFFSET,
- PROP_NOTIFYENDOFFSET,
- PROP_SENDEREMAIL,
- PROP_EMAILSUBJECT,
- PROP_EMAILTEMPLATE,
- "summary.enabled",
- PROP_SUMMARY_RECIPIENTEMAIL,
- PROP_SUMMARY_SENDEREMAIL,
- PROP_SUMMARY_SUBJECT,
- PROP_SUMMARY_ITEMTEMPLATE,
- PROP_SUMMARY_TEMPLATE,
+ protected static String[] mConfigParams =
+ new String[] {
+ "enabled",
+ PROP_CRON,
+ PROP_PROFILE_ID,
+ PROP_NOTIFYTRIGGEROFFSET,
+ PROP_NOTIFYENDOFFSET,
+ PROP_SENDEREMAIL,
+ PROP_EMAILSUBJECT,
+ PROP_EMAILTEMPLATE,
+ "summary.enabled",
+ PROP_SUMMARY_RECIPIENTEMAIL,
+ PROP_SUMMARY_SENDEREMAIL,
+ PROP_SUMMARY_SUBJECT,
+ PROP_SUMMARY_ITEMTEMPLATE,
+ PROP_SUMMARY_TEMPLATE,
};
-
+
protected ICertificateRepository mCertDB = null;
protected ICertificateAuthority mCA = null;
protected boolean mSummary = false;
protected String mEmailSender = null;
protected String mEmailSubject = null;
protected String mEmailTemplateName = null;
- protected String mSummaryItemTemplateName = null;
- protected String mSummaryTemplateName = null;
+ protected String mSummaryItemTemplateName = null;
+ protected String mSummaryTemplateName = null;
protected boolean mSummaryHTML = false;
protected boolean mHTML = false;
protected String mHttpHost = null;
protected String mHttpPort = null;
- private int mPreDays = 0;
- private long mPreMS = 0;
- private int mPostDays = 0;
- private long mPostMS = 0;
- private int mMaxNotifyCount = 1;
- private String[] mProfileId = null;
+ private int mPreDays = 0;
+ private long mPreMS = 0;
+ private int mPostDays = 0;
+ private long mPostMS = 0;
+ private int mMaxNotifyCount = 1;
+ private String[] mProfileId = null;
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
@@ -207,8 +205,8 @@ public class RenewalNotificationJob
/**
* class constructor
- */
- public RenewalNotificationJob () {
+ */
+ public RenewalNotificationJob() {
}
/**
@@ -217,48 +215,49 @@ public class RenewalNotificationJob
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for expiring or expired certs" +
- "notifyTriggerOffset before and notifyEndOffset after " +
- "the expiration date",
-
- PROP_PROFILE_ID + ";string;Specify the ID of the profile which "+
- "approved the certificates that are about to expire. For multiple "+
- "profiles, each entry is separated by white space. For example, " +
- "if the administrator just wants to give automated notification " +
- "when the SSL server certificates are about to expire, then "+
- "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "+
- "Blank field means all profiles.",
+ "; A job that checks for expiring or expired certs" +
+ "notifyTriggerOffset before and notifyEndOffset after " +
+ "the expiration date",
+
+ PROP_PROFILE_ID + ";string;Specify the ID of the profile which " +
+ "approved the certificates that are about to expire. For multiple " +
+ "profiles, each entry is separated by white space. For example, " +
+ "if the administrator just wants to give automated notification " +
+ "when the SSL server certificates are about to expire, then " +
+ "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. " +
+ "Blank field means all profiles.",
PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " +
- "certificate expiration will the first notification " +
- "be sent",
+ "certificate expiration will the first notification " +
+ "be sent",
PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " +
- "certificate expiration will notifications " +
- "continue to be resent if certificate is not renewed",
+ "certificate expiration will notifications " +
+ "continue to be resent if certificate is not renewed",
PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
PROP_SENDEREMAIL + ";string,required;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ "as the email's 'sender'. Bounces go to this address.",
PROP_EMAILSUBJECT + ";string,required;Email subject",
PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " +
- "template file of email to be sent",
+ "template file of email to be sent",
"enabled;boolean;Enable this plugin",
"summary.enabled;boolean;Enabled sending of summaries",
PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary",
PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries",
PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email",
PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " +
- "template file of email to be sent",
+ "template file of email to be sent",
PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " +
- "file with template to be used for each summary item",
+ "file with template to be used for each summary item",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-renewalnotification",
+ ";configuration-jobrules-renewalnotification",
};
return s;
}
-
+
/**
* Initialize from the configuration file.
+ *
* @param id String name of this instance
* @param implName string name of this implementation
* @param config configuration store for this instance
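Review bot: The first help-text entry in getExtendedPluginInfo joins `"...expiring or expired certs"` directly to `"notifyTriggerOffset before and ..."`, so the console shows "certsnotifyTriggerOffset". Add the missing space: `"; A job that checks for expiring or expired certs " +`. The PROP_CRON entry also reads "Mmonth" where the other jobs' help text in this patch says "month". Both are runtime strings, so this whitespace-only reformat carries them over unchanged.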
@@ -289,10 +288,10 @@ public class RenewalNotificationJob
mJobCron = scheduler.createJobCron(mCron);
}
-
+
/**
* finds out which cert needs notification and notifies the
- * responsible parties
+ * responsible parties
*/
public void run() {
// for forming renewal URL at template
@@ -301,7 +300,7 @@ public class RenewalNotificationJob
// read from the configuration file
try {
- mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days
+ mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days
mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days
mEmailSender = mConfig.getString(PROP_SENDEREMAIL);
@@ -314,19 +313,19 @@ public class RenewalNotificationJob
if (sc.getBoolean(PROP_ENABLED, false)) {
mSummary = true;
mSummaryItemTemplateName =
- mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
+ mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
mSummarySenderEmail =
- mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
+ mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
mSummaryReceiverEmail =
- mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
+ mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
mSummaryMailSubject =
- mConfig.getString(PROP_SUMMARY_SUBJECT);
+ mConfig.getString(PROP_SUMMARY_SUBJECT);
mSummaryTemplateName =
- mConfig.getString(PROP_SUMMARY_TEMPLATE);
+ mConfig.getString(PROP_SUMMARY_TEMPLATE);
} else {
mSummary = false;
}
-
+
long msperday = 86400 * 1000;
long mspredays = mPreDays;
long mspostdays = mPostDays;
@@ -347,9 +346,9 @@ public class RenewalNotificationJob
* if notified successfully, mark "STATUS_SUCCESS",
* else, if notified unsuccessfully, mark "STATUS_FAILURE".
*/
-
+
/* 1) make target notAfter string */
-
+
Date expiryDate = null;
Date stopDate = null;
@@ -360,13 +359,13 @@ public class RenewalNotificationJob
expiryDate = new Date(expiryMS);
stopDate = new Date(stopMS);
-
+
// All cert records which:
// 1) expire before the deadline
// 2) have not already been renewed
// filter format:
// (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
-
+
StringBuffer f = new StringBuffer();
String profileId = "";
try {
@@ -374,24 +373,24 @@ public class RenewalNotificationJob
} catch (EBaseException ee) {
}
- if (profileId != null && profileId.length() > 0) {
+ if (profileId != null && profileId.length() > 0) {
StringTokenizer tokenizer = new StringTokenizer(profileId);
int num = tokenizer.countTokens();
mProfileId = new String[num];
- for (int i=0; i<num; i++)
+ for (int i = 0; i < num; i++)
mProfileId[i] = tokenizer.nextToken();
}
f.append("(&");
if (mProfileId != null) {
if (mProfileId.length == 1)
- f.append("("+ICertRecord.ATTR_META_INFO+ "=" +
- ICertRecord.META_PROFILE_ID +":"+mProfileId[0]+")");
+ f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+ ICertRecord.META_PROFILE_ID + ":" + mProfileId[0] + ")");
else {
f.append("(|");
- for (int i=0; i<mProfileId.length; i++) {
- f.append("("+ICertRecord.ATTR_META_INFO+ "=" +
- ICertRecord.META_PROFILE_ID +":"+mProfileId[i]+")");
+ for (int i = 0; i < mProfileId.length; i++) {
+ f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+ ICertRecord.META_PROFILE_ID + ":" + mProfileId[i] + ")");
}
f.append(")");
}
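Review bot: The profile IDs are appended to the LDAP search filter unescaped (`... + ":" + mProfileId[i] + ")"`), so a value containing `(`, `)`, `*` or `\` changes the filter's structure instead of matching literally. The value appears to come from the job configuration (the read is above this hunk), which limits exposure to whoever can edit that setting. Escaping the RFC 4515 special characters before appending, or rejecting IDs that contain them, would keep the query scoped to the intended profiles. The empty `catch (EBaseException ee) {}` at the top of the hunk also hides a failed read, after which the job presumably runs with no profile restriction; a `log(ILogger.LL_FAILURE, ee.toString());` there would make that visible. run() starts and ends outside this hunk.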
@@ -407,7 +406,7 @@ public class RenewalNotificationJob
String filter = f.toString();
String emailTemplate =
- getTemplateContent(mEmailTemplateName);
+ getTemplateContent(mEmailTemplateName);
mHTML = mMailHTML;
@@ -415,7 +414,7 @@ public class RenewalNotificationJob
String summaryItemTemplate = null;
if (mSummary == true) {
- summaryItemTemplate =
+ summaryItemTemplate =
getTemplateContent(mSummaryItemTemplateName);
}
@@ -423,7 +422,7 @@ public class RenewalNotificationJob
CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic);
//CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5);
//list.processCertRecords(0, list.getSize() - 1, cp);
-
+
Enumeration en = mCertDB.findCertRecs(filter);
while (en.hasMoreElements()) {
@@ -436,36 +435,36 @@ public class RenewalNotificationJob
log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString()));
}
}
-
+
// Now send the summary
if (mSummary == true) {
try {
String summaryTemplate =
- getTemplateContent(mSummaryTemplateName);
+ getTemplateContent(mSummaryTemplateName);
mSummaryHTML = mMailHTML;
buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- ic.mItemListContent);
+ ic.mItemListContent);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(ic.mNumFail + ic.mNumSuccessful));
- buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(ic.mNumSuccessful));
+ String.valueOf(ic.mNumFail + ic.mNumSuccessful));
+ buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
+ String.valueOf(ic.mNumSuccessful));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(ic.mNumFail));
+ String.valueOf(ic.mNumFail));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
-
+ nowString);
+
IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor();
- String summaryContent =
- summaryEmfp.getEmailContent(summaryTemplate,
- mContentParams);
+ String summaryContent =
+ summaryEmfp.getEmailContent(summaryTemplate,
+ mContentParams);
if (summaryContent == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
@@ -490,38 +489,43 @@ public class RenewalNotificationJob
/**
* get instance id.
+ *
* @return a String identifier
*/
public String getId() {
return mId;
}
-
+
/**
* set instance id.
+ *
* @param id String id of the instance
*/
public void setId(String id) {
mId = id;
}
-
+
/**
* get cron string associated with this job
+ *
* @return a JobCron object that represents the schedule of this job
*/
public IJobCron getJobCron() {
return mJobCron;
}
-
+
/**
* gets the plugin name of this job.
+ *
* @return a String that is the name of this implementation
*/
public String getImplName() {
return mImplName;
}
-
+
/**
* Gets the configuration substore used by this job
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -529,11 +533,11 @@ public class RenewalNotificationJob
}
protected void mailUser(String subject,
- String msg,
- String sender,
- IRequest req,
- ICertRecord cr)
- throws IOException, ENotificationException, EBaseException {
+ String msg,
+ String sender,
+ IRequest req,
+ ICertRecord cr)
+ throws IOException, ENotificationException, EBaseException {
IMailNotification mn = CMS.getMailNotification();
@@ -568,13 +572,18 @@ public class RenewalNotificationJob
mn.setTo(rcp);
- if (sender != null) mn.setFrom(sender);
- else mn.setFrom("nobody");
+ if (sender != null)
+ mn.setFrom(sender);
+ else
+ mn.setFrom("nobody");
- if (subject != null) mn.setSubject(subject);
- else mn.setFrom("Important message from Certificate Authority");
+ if (subject != null)
+ mn.setSubject(subject);
+ else
+ mn.setFrom("Important message from Certificate Authority");
- if (mHTML == true) mn.setContentType("text/html");
+ if (mHTML == true)
+ mn.setContentType("text/html");
String failedString = null;
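Review bot: The `else` branch for a null subject calls `mn.setFrom("Important message from Certificate Authority")`, which overwrites the sender set just above and leaves the message without a subject. It should be `mn.setSubject("Important message from Certificate Authority");`. The reformat puts the call on its own line but keeps the copy-paste slip. mailUser begins in the previous hunk and continues past this one.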
@@ -584,10 +593,10 @@ public class RenewalNotificationJob
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -595,15 +604,14 @@ public class RenewalNotificationJob
}
}
-
class CertRecProcessor implements IElementProcessor {
protected RenewalNotificationJob mJob;
protected String mEmailTemplate;
protected String mSummaryItemTemplate;
protected ItemCounter mIC;
- public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
- String summaryItemTemplate, ItemCounter ic) {
+ public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
+ String summaryItemTemplate, ItemCounter ic) {
mJob = job;
mEmailTemplate = emailTemplate;
mSummaryItemTemplate = summaryItemTemplate;
@@ -621,9 +629,9 @@ class CertRecProcessor implements IElementProcessor {
if (cr != null) {
mJob.buildItemParams(cr.getCertificate());
mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST,
- mJob.mHttpHost);
+ mJob.mHttpHost);
mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort);
-
+
MetaInfo metaInfo = null;
metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO);
@@ -632,10 +640,10 @@ class CertRecProcessor implements IElementProcessor {
numFailCounted = true;
if (mJob.mSummary == true)
mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- AJobBase.STATUS_FAILURE);
- mJob.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_GET_CERT_ERROR",
- cr.getCertificate().getSerialNumber().toString(16)));
+ AJobBase.STATUS_FAILURE);
+ mJob.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_GET_CERT_ERROR",
+ cr.getCertificate().getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -645,54 +653,54 @@ class CertRecProcessor implements IElementProcessor {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
try {
req = mJob.mCA.getRequestQueue().findRequest(rid);
} catch (Exception e) {
// it is ok not to be able to get the request. The main reason
// to get the request is to retrieve the requestor's email.
// We can retrieve the email from the CertRecord.
- CMS.debug("huh RenewalNotificationJob Exception: "+e.toString());
+ CMS.debug("huh RenewalNotificationJob Exception: " + e.toString());
}
if (req != null)
mJob.buildItemParams(req);
} // ridString != null
- try {
+ try {
// send mail to user
-
+
IEmailFormProcessor emfp = CMS.getEmailFormProcessor();
String message = emfp.getEmailContent(mEmailTemplate,
mJob.mItemParams);
mJob.mailUser(mJob.mEmailSubject,
- message,
- mJob.mEmailSender,
- req,
- cr);
-
+ message,
+ mJob.mEmailSender,
+ req,
+ cr);
+
mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- AJobBase.STATUS_SUCCESS);
-
+ AJobBase.STATUS_SUCCESS);
+
mIC.mNumSuccessful++;
-
+
} catch (Exception e) {
- CMS.debug("RenewalNotificationJob Exception: "+e.toString());
+ CMS.debug("RenewalNotificationJob Exception: " + e.toString());
mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE);
mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE);
if (numFailCounted == false) {
mIC.mNumFail++;
}
}
-
+
if (mJob.mSummary == true) {
IEmailFormProcessor summaryItemEmfp =
- CMS.getEmailFormProcessor();
- String c =
- summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
- mJob.mItemParams);
-
+ CMS.getEmailFormProcessor();
+ String c =
+ summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
+ mJob.mItemParams);
+
if (mIC.mItemListContent == null) {
mIC.mItemListContent = c;
} else {
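Review bot: When sending the notification fails, the `catch (Exception e)` block logs only `e.toString()`. The log then does not say which certificate's holder went un-notified, which is what an operator following up on a FAILURE entry needs. If `cr` is non-null at that point (the guard is in an earlier hunk), prefix the serial, for example `mJob.log(ILogger.LL_FAILURE, cr.getCertificate().getSerialNumber().toString(16) + ": " + e.toString(), ILogger.L_MULTILINE);`. The earlier `CMS.debug("huh RenewalNotificationJob Exception: " + ...)` could drop the "huh" and name the request id it failed to look up. The enclosing method starts and ends outside this hunk.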
@@ -702,7 +710,6 @@ class CertRecProcessor implements IElementProcessor {
}
}
-
class ItemCounter {
public int mNumSuccessful = 0;
public int mNumFail = 0;
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
index 07a35a9d..0a3bf0e1 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
@@ -37,25 +36,22 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
-
/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
+ * A job for the Jobs Scheduler. This job checks in the internal ldap
* db for requests currently in the request queue and send a summary
* report to the administrator
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $InstanceID
- * $SummaryTotalNum
- * $ExecutionTime
+ * $InstanceID $SummaryTotalNum $ExecutionTime
* </UL>
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
* @see com.netscape.cms.jobs.AJobBase
*/
public class RequestInQueueJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
+ implements IJob, Runnable, IExtendedPluginInfo {
protected static final String PROP_SUBSYSTEM_ID = "subsystemId";
IAuthority mSub = null;
@@ -68,15 +64,15 @@ public class RequestInQueueJob extends AJobBase
* console.
*/
protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "subsystemId",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
+ new String[] {
+ "enabled",
+ "cron",
+ "subsystemId",
+ "summary.enabled",
+ "summary.emailSubject",
+ "summary.emailTemplate",
+ "summary.senderEmail",
+ "summary.recipientEmail"
};
/**
@@ -85,30 +81,31 @@ public class RequestInQueueJob extends AJobBase
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for enrollment requests in the " +
- "queue, and reports to recipientEmail",
+ "; A job that checks for enrollment requests in the " +
+ "queue, and reports to recipientEmail",
"cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
"summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
"summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
"summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
+ "template file of email to be sent",
"subsystemId;choice(ca,ra);The type of subsystem this job is " +
- "for",
+ "for",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-requestinqueuejob",
+ ";configuration-jobrules-requestinqueuejob",
};
return s;
}
-
+
/**
* initialize from the configuration file
+ *
* @param id String name of this instance
* @param implName string name of this implementation
* @param config configuration store for this instance
@@ -137,7 +134,7 @@ public class RequestInQueueJob extends AJobBase
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -162,7 +159,8 @@ public class RequestInQueueJob extends AJobBase
* summarize the queue status and mail it
*/
public void run() {
- if (mSummary == false) return;
+ if (mSummary == false)
+ return;
Date date = CMS.getCurrentDate();
long now = date.getTime();
@@ -171,7 +169,7 @@ public class RequestInQueueJob extends AJobBase
int count = 0;
IRequestList list =
- mReqQ.listRequestsByStatus(RequestStatus.PENDING);
+ mReqQ.listRequestsByStatus(RequestStatus.PENDING);
while (list != null && list.hasMoreElements()) {
RequestId rid = list.nextRequestId();
@@ -196,23 +194,23 @@ public class RequestInQueueJob extends AJobBase
buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count));
+ String.valueOf(count));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ nowString);
IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
- mContentParams);
+ emailFormProcessor.getEmailContent(contentForm,
+ mContentParams);
mailSummary(mailContent);
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
diff --git a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
index 6a0a6d03..6aea0c51 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -46,38 +45,25 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
-
/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
+ * a job for the Jobs Scheduler. This job checks in the internal ldap
* db for certs that have expired and remove them from the ldap
* publishing directory.
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
* </UL>
* and for the inner list items:
* <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
- * $CertType
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class UnpublishExpiredJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
-
+ implements IJob, Runnable, IExtendedPluginInfo {
+
ICertificateAuthority mCa = null;
IRequestQueue mReqQ = null;
ICertificateRepository mRepository = null;
@@ -90,15 +76,15 @@ public class UnpublishExpiredJob extends AJobBase
* console.
*/
protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.itemTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
+ new String[] {
+ "enabled",
+ "cron",
+ "summary.enabled",
+ "summary.emailSubject",
+ "summary.emailTemplate",
+ "summary.itemTemplate",
+ "summary.senderEmail",
+ "summary.recipientEmail"
};
/* Vector of extendedPluginInfo strings */
@@ -110,24 +96,24 @@ public class UnpublishExpiredJob extends AJobBase
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for expired certificates in the " +
- "database, and removes them from the publishing " +
- "directory",
+ "; A job that checks for expired certificates in the " +
+ "database, and removes them from the publishing " +
+ "directory",
"cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
"summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
"summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
"summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
+ "template file of email to be sent",
"summary.itemTemplate;string;Fully qualified pathname of " +
- "file containing template for each item",
+ "file containing template for each item",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-unpublishexpiredjobs",
+ ";configuration-jobrules-unpublishexpiredjobs",
};
return s;
@@ -151,13 +137,13 @@ public class UnpublishExpiredJob extends AJobBase
mReqQ = mCa.getRequestQueue();
mRepository = (ICertificateRepository) mCa.getCertificateRepository();
mPublisherProcessor = mCa.getPublisherProcessor();
-
+
// read from the configuration file
mCron = mConfig.getString(IJobCron.PROP_CRON);
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -183,8 +169,8 @@ public class UnpublishExpiredJob extends AJobBase
* expired.
* remove them from ldap publishing directory
* if remove successfully, mark <i>false</i> on the
- * <b>InLdapPublishDir</b> flag,
- * else, if remove unsuccessfully, log it
+ * <b>InLdapPublishDir</b> flag,
+ * else, if remove unsuccessfully, log it
*/
public void run() {
// System.out.println("in ExpiredUnpublishJob "+
@@ -197,9 +183,9 @@ public class UnpublishExpiredJob extends AJobBase
// form filter
String filter = "(&(x509Cert.notAfter<=" + now +
- ")(!(x509Cert.notAfter=" + now + "))" +
- "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
- ":true))";
+ ")(!(x509Cert.notAfter=" + now + "))" +
+ "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+ ":true))";
// a test for without CertRecord.META_LDAPPUBLISH
//String filter = "(x509Cert.notAfter<="+ now +")";
@@ -233,13 +219,14 @@ public class UnpublishExpiredJob extends AJobBase
while (expired != null && expired.hasMoreElements()) {
ICertRecord rec = (ICertRecord) expired.nextElement();
- if (rec == null) break;
+ if (rec == null)
+ break;
X509CertImpl cert = rec.getCertificate();
if (mSummary == true)
buildItemParams(cert);
- // get request id from cert record MetaInfo
+ // get request id from cert record MetaInfo
MetaInfo minfo = null;
try {
@@ -248,42 +235,42 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_INFO_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_INFO_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
String ridString = null;
try {
if (minfo != null)
- ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
} catch (EBaseException e) {
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
} catch (NullPointerException e) {
// no requestId in MetaInfo...skip to next record
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
// get request from request id
IRequest req = null;
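Review bot: The failure logs pass `cert.getSerialNumber().toString(16) + e.toString()` as one argument, so the hex serial runs straight into the exception text. An exception name that begins with a hex letter such as `c` or `e` then makes the serial ambiguous when searching logs. Put a separator between the two, for example `cert.getSerialNumber().toString(16) + ": " + e.toString()`, or pass them as separate message parameters if the JOBS_* formats allow it. The same concatenation appears in the JOBS_FIND_REQUEST_ERROR call and both JOBS_UNPUBLISH_ERROR calls in the following hunks. Separately, `catch (NullPointerException e)` stands in for an explicit null check on the request id and would read more clearly as one; run() starts and ends outside this hunk.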
@@ -297,19 +284,19 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
try {
if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
+ mPublisherProcessor.enabled()) {
mPublisherProcessor.unpublishCert((X509Certificate) cert, req);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -318,21 +305,21 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
} // ridString != null
else {
try {
if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
+ mPublisherProcessor.enabled()) {
mPublisherProcessor.unpublishCert((X509Certificate) cert, null);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -341,11 +328,11 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+ cert.getSerialNumber().toString(16) +
+ e.toString()));
}
} // ridString == null
@@ -355,7 +342,7 @@ public class UnpublishExpiredJob extends AJobBase
// if summary is enabled, form the item content
if (mSummary) {
IEmailFormProcessor emailItemFormProcessor =
- CMS.getEmailFormProcessor();
+ CMS.getEmailFormProcessor();
String c = emailItemFormProcessor.getEmailContent(itemForm,
mItemParams);
@@ -371,36 +358,35 @@ public class UnpublishExpiredJob extends AJobBase
// time for summary
if (mSummary == true) {
buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- itemListContent);
+ itemListContent);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count + negCount));
+ String.valueOf(count + negCount));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(count));
+ String.valueOf(count));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(negCount));
+ String.valueOf(negCount));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ nowString);
IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
- mContentParams);
+ emailFormProcessor.getEmailContent(contentForm,
+ mContentParams);
mailSummary(mailContent);
}
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
index d238c279..6c9a295b 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.File;
import java.io.IOException;
import java.text.DateFormat;
@@ -45,12 +44,10 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* a listener for every completed enrollment request
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
* <UL>
* <LI>$InstanceID
* <LI>$SerialNumber
@@ -66,13 +63,12 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$RecipientEmail
* </UL>
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is rejected:
+ * Here is a list of available $TOKENs for email notification templates if certificate request is rejected:
* <UL>
* <LI>$RequestId
* <LI>$InstanceID
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificateIssuedListener implements IRequestListener {
@@ -107,7 +103,7 @@ public class CertificateIssuedListener implements IRequestListener {
}
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
+ throws EListenersException, EPropertyNotFound, EBaseException {
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -130,8 +126,8 @@ public class CertificateIssuedListener implements IRequestListener {
if (ridx == -1) {
CMS.debug("CertificateIssuedListener: file separator: " + File.separator
- +
- " not found. Use default /");
+ +
+ " not found. Use default /");
ridx = mFormPath.lastIndexOf("/");
mDir = mFormPath.substring(0, ridx + 1);
} else {
@@ -166,9 +162,10 @@ public class CertificateIssuedListener implements IRequestListener {
}
public void accept(IRequest r) {
- CMS.debug("CertificateIssuedListener: accept " +
- r.getRequestId().toString());
- if (mEnabled != true) return;
+ CMS.debug("CertificateIssuedListener: accept " +
+ r.getRequestId().toString());
+ if (mEnabled != true)
+ return;
mSubject = mSubject_Success;
mReqId = r.getRequestId();
@@ -192,15 +189,15 @@ public class CertificateIssuedListener implements IRequestListener {
return;
if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
CMS.debug("CertificateIssuedListener: Request errored. " +
- "No need to email notify for enrollment request id " +
- mReqId);
+ "No need to email notify for enrollment request id " +
+ mReqId);
return;
}
}
String requestType = r.getRequestType();
if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ requestType.equals(IRequest.RENEWAL_REQUEST)) {
CMS.debug("accept() enrollment/renewal request...");
// Get the certificate from the request
X509CertImpl issuedCert[] = null;
@@ -224,10 +221,10 @@ public class CertificateIssuedListener implements IRequestListener {
try {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
keys.set(IEmailResolverKeys.KEY_CERT,
- issuedCert[0]);
+ issuedCert[0]);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -236,30 +233,30 @@ public class CertificateIssuedListener implements IRequestListener {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
}
-
+
// now we can mail
if ((mEmail != null) && (!mEmail.equals(""))) {
mailIt(mEmail, issuedCert);
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
- issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+ issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
// send failure notification to "sender"
mSubject = "Certificate Issued notification undeliverable";
mailIt(mSenderEmail, issuedCert);
}
- }
+ }
}
}
@@ -282,7 +279,7 @@ public class CertificateIssuedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
buildContentParams(issuedCert, mEmail);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -293,19 +290,19 @@ public class CertificateIssuedListener implements IRequestListener {
mn.setContent(c);
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
- issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+ issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
mn.setContent("Serial Number = " +
- issuedCert[0].getSerialNumber() +
- "; Request ID = " + mReqId);
+ issuedCert[0].getSerialNumber() +
+ "; Request ID = " + mReqId);
}
-
+
try {
mn.sendNotification();
} catch (ENotificationException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
@@ -320,7 +317,7 @@ public class CertificateIssuedListener implements IRequestListener {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -352,17 +349,17 @@ public class CertificateIssuedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
if (template.isHTML()) {
mn.setContentType("text/html");
}
// build some token data
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
mReqId = r.getRequestId();
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -377,48 +374,48 @@ public class CertificateIssuedListener implements IRequestListener {
} catch (ENotificationException e) {
// already logged, lets audit
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
}
}
private void buildContentParams(X509CertImpl issuedCert[], String mEmail) {
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) issuedCert[0].getSerialNumber().toString());
+ (Object) issuedCert[0].getSerialNumber().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
+ (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mHttpPort);
+ (Object) mHttpPort);
mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) issuedCert[0].getIssuerDN().toString());
+ (Object) issuedCert[0].getIssuerDN().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) issuedCert[0].getSubjectDN().toString());
+ (Object) issuedCert[0].getSubjectDN().toString());
Date date = (Date) issuedCert[0].getNotAfter();
mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
- mDateFormat.format(date));
+ mDateFormat.format(date));
date = (Date) issuedCert[0].getNotBefore();
mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
- mDateFormat.format(date));
+ mDateFormat.format(date));
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mEmail);
+ (Object) mEmail);
// ... and more
}
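Review bot: `TOKEN_HEX_SERIAL_NUM` in `buildContentParams` is filled from `Long.toHexString(issuedCert[0].getSerialNumber().longValue())`, and `longValue()` keeps only the low 64 bits, assuming `getSerialNumber()` returns a `BigInteger` as it does for `X509Certificate`. For a certificate with a longer serial, the notification would carry a hex value that does not match the certificate, while the decimal `TOKEN_SERIAL_NUM` entry just above stays correct. Formatting the value directly avoids the truncation: `(Object) issuedCert[0].getSerialNumber().toString(16)`. `CertificateRevokedListener.buildContentParams` has the same expression on `crlentries[0]`.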
@@ -448,7 +445,7 @@ public class CertificateIssuedListener implements IRequestListener {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
index ca62af5f..841f7186 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
@@ -47,12 +46,10 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* a listener for every completed enrollment request
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
* <UL>
* <LI>$InstanceID
* <LI>$SerialNumber
@@ -68,13 +65,12 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$RecipientEmail
* </UL>
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is revoked:
+ * Here is a list of available $TOKENs for email notification templates if certificate request is revoked:
* <UL>
* <LI>$RequestId
* <LI>$InstanceID
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificateRevokedListener implements IRequestListener {
@@ -109,7 +105,7 @@ public class CertificateRevokedListener implements IRequestListener {
}
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
+ throws EListenersException, EPropertyNotFound, EBaseException {
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -132,8 +128,8 @@ public class CertificateRevokedListener implements IRequestListener {
if (ridx == -1) {
CMS.debug("CertificateRevokedListener: file separator: " + File.separator
- +
- " not found. Use default /");
+ +
+ " not found. Use default /");
ridx = mFormPath.lastIndexOf("/");
mDir = mFormPath.substring(0, ridx + 1);
} else {
@@ -168,7 +164,8 @@ public class CertificateRevokedListener implements IRequestListener {
}
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
mSubject = mSubject_Success;
mReqId = r.getRequestId();
@@ -190,18 +187,18 @@ public class CertificateRevokedListener implements IRequestListener {
if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
CMS.debug("CertificateRevokedListener: Request errored. " +
- "No need to email notify for enrollment request id " +
- mReqId);
+ "No need to email notify for enrollment request id " +
+ mReqId);
return;
}
-
+
if (requestType.equals(IRequest.REVOCATION_REQUEST)) {
CMS.debug("CertificateRevokedListener: accept() revocation request...");
// Get the certificate from the request
//X509CertImpl issuedCert[] =
// (X509CertImpl[])
RevokedCertImpl crlentries[] =
- r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
if (crlentries != null) {
CMS.debug("CertificateRevokedListener: Sending email notification..");
@@ -213,10 +210,10 @@ public class CertificateRevokedListener implements IRequestListener {
try {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
keys.set(IEmailResolverKeys.KEY_CERT,
- crlentries[0]);
+ crlentries[0]);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -225,30 +222,30 @@ public class CertificateRevokedListener implements IRequestListener {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+ e.toString()));
}
-
+
// now we can mail
if ((mEmail != null) && (!mEmail.equals(""))) {
mailIt(mEmail, crlentries);
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
- crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+ crlentries[0].getSerialNumber().toString(), mReqId.toString()));
// send failure notification to "sender"
mSubject = "Certificate Issued notification undeliverable";
mailIt(mSenderEmail, crlentries);
}
- }
+ }
}
}
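Review bot: When no recipient address is resolved, this hunk sets `mSubject = "Certificate Issued notification undeliverable"` before mailing the sender, but this is the revocation listener, so the fallback mail reports the wrong event. `mSubject = "Certificate Revoked notification undeliverable";` matches what happened. The `LISTENERS_CERT_ISSUED_*` message keys used for logging in this file look like the same copy from `CertificateIssuedListener` and may deserve revocation-specific keys. The three `catch` clauses above it have identical bodies, and the final `catch (Exception e)` already covers the other two. `accept()` starts before this hunk.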
@@ -271,7 +268,7 @@ public class CertificateRevokedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
buildContentParams(crlentries, mEmail);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -282,19 +279,19 @@ public class CertificateRevokedListener implements IRequestListener {
mn.setContent(c);
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
- crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+ crlentries[0].getSerialNumber().toString(), mReqId.toString()));
mn.setContent("Serial Number = " +
- crlentries[0].getSerialNumber() +
- "; Request ID = " + mReqId);
+ crlentries[0].getSerialNumber() +
+ "; Request ID = " + mReqId);
}
-
+
try {
mn.sendNotification();
} catch (ENotificationException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
@@ -302,18 +299,18 @@ public class CertificateRevokedListener implements IRequestListener {
private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) crlentries[0].getSerialNumber().toString());
+ (Object) crlentries[0].getSerialNumber().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
+ (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mHttpPort);
-
+ (Object) mHttpPort);
+
try {
RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0];
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -321,22 +318,22 @@ public class CertificateRevokedListener implements IRequestListener {
X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber());
mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) cert.getIssuerDN().toString());
+ (Object) cert.getIssuerDN().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) cert.getSubjectDN().toString());
+ (Object) cert.getSubjectDN().toString());
Date date = (Date) crlentries[0].getRevocationDate();
-
+
mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE,
- mDateFormat.format(date));
+ mDateFormat.format(date));
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mEmail);
+ (Object) mEmail);
// ... and more
}
@@ -366,7 +363,7 @@ public class CertificateRevokedListener implements IRequestListener {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
index 2f02774d..c71b9c60 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.util.Hashtable;
import netscape.ldap.LDAPAttribute;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* This represnets a listener that removes pin from LDAP directory.
- *
+ *
* @version $Revision$, $Date$
*/
public class PinRemovalListener implements IRequestListener {
@@ -87,18 +85,18 @@ public class PinRemovalListener implements IRequestListener {
protected String[] configParams = { "a" };
- public String[] getConfigParams()
- throws EBaseException {
+ public String[] getConfigParams()
+ throws EBaseException {
return configParams;
}
public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
- init(null, null, config);
+ init(null, null, config);
}
public void init(String name, String ImplName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = ImplName;
mConfig = config;
@@ -115,7 +113,8 @@ public class PinRemovalListener implements IRequestListener {
}
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
mReqId = r.getRequestId();
@@ -129,7 +128,7 @@ public class PinRemovalListener implements IRequestListener {
String requestType = r.getRequestType();
if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ requestType.equals(IRequest.RENEWAL_REQUEST)) {
String uid = r.getExtDataInString(
IRequest.HTTP_PARAMS, "uid");
@@ -144,21 +143,21 @@ public class PinRemovalListener implements IRequestListener {
try {
LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN,
LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
+
if (!res.hasMoreElements()) {
log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " +
- " server. Could not remove pin");
+ " server. Could not remove pin");
return;
}
LDAPEntry entry = (LDAPEntry) res.nextElement();
userdn = entry.getDN();
-
+
mRemovePinLdapConnection.modify(userdn,
- new LDAPModification(
- LDAPModification.DELETE,
- new LDAPAttribute(mPinAttr)));
+ new LDAPModification(
+ LDAPModification.DELETE,
+ new LDAPAttribute(mPinAttr)));
log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\"");
@@ -173,10 +172,9 @@ public class PinRemovalListener implements IRequestListener {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "PinRemovalListener: " + msg);
+ level, "PinRemovalListener: " + msg);
}
public void set(String name, String val) {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
index f5810a46..e5c07520 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.IOException;
import java.util.Hashtable;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.profile.input.SubjectNameInput;
import com.netscape.cms.profile.input.SubmitterInfoInput;
-
/**
* a listener for every request gets into the request queue.
* <p>
@@ -54,7 +52,7 @@ import com.netscape.cms.profile.input.SubmitterInfoInput;
* <LI>$SenderEmail
* <LI>$RecipientEmail
* </UL>
- *
+ *
*/
public class RequestInQListener implements IRequestListener {
protected static final String PROP_ENABLED = "enabled";
@@ -89,8 +87,8 @@ public class RequestInQListener implements IRequestListener {
* initializes the listener from the configuration
*/
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
-
+ throws EListenersException, EPropertyNotFound, EBaseException {
+
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -118,32 +116,34 @@ public class RequestInQListener implements IRequestListener {
// make available http host and port for forming url in templates
mHttpHost = CMS.getAgentHost();
mAgentPort = CMS.getAgentPort();
- if (mAgentPort == null)
+ if (mAgentPort == null)
log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
else
CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
- // register for this event listener
+ // register for this event listener
mSubsystem.registerPendingListener(this);
}
/**
* carries out the operation when the listener is triggered.
+ *
* @param r IRequest structure holding the request information
* @see com.netscape.certsrv.request.IRequest
*/
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
- // regardless of type of request...notify for everything
- // no need for email resolver here...
+ // regardless of type of request...notify for everything
+ // no need for email resolver here...
IMailNotification mn = CMS.getMailNotification();
mn.setFrom(mSenderEmail);
mn.setTo(mRecipientEmail);
mn.setSubject(mEmailSubject + " (request id: " +
- r.getRequestId() + ")");
+ r.getRequestId() + ")");
/*
* get form file from disk
@@ -158,7 +158,7 @@ public class RequestInQListener implements IRequestListener {
log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
return;
}
-
+
buildContentParams(r);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -169,8 +169,8 @@ public class RequestInQListener implements IRequestListener {
mn.setContent(c);
} else {
// log and mail
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
mn.setContent("Template not retrievable for Request in Queue notification");
}
@@ -179,77 +179,78 @@ public class RequestInQListener implements IRequestListener {
} catch (ENotificationException e) {
// already logged, lets audit
mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
}
}
private void buildContentParams(IRequest r) {
mContentParams.clear();
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
Object val = null;
String profileId = r.getExtDataInString("profileId");
if (profileId == null) {
- val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
} else {
- // use the submitter info if available, otherwise, use the
- // subject name input email
- val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
+ // use the submitter info if available, otherwise, use the
+ // subject name input email
+ val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
- if ((val == null) || (((String) val).compareTo("") == 0)) {
- val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
- }
+ if ((val == null) || (((String) val).compareTo("") == 0)) {
+ val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
+ }
}
if (val != null)
mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
- val);
+ val);
if (profileId == null) {
- val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
} else {
- val = profileId;
+ val = profileId;
}
if (val != null) {
mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
- val);
+ val);
}
RequestId reqId = r.getRequestId();
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) reqId.toString());
+ (Object) reqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
val = r.getRequestType();
if (val != null)
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE,
- val);
+ val);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mAgentPort);
+ (Object) mAgentPort);
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mRecipientEmail);
+ (Object) mRecipientEmail);
}
/**
* sets the configurable parameters
+ *
* @param name a String represents the name of the configuration parameter to be set
* @param val a String containing the value to be set for name
*/
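Review bot: The `ENotificationException` handler at the top of this hunk calls `mLogger.log(...)` directly, whereas the `log` helper in the last hunk of this file returns early when `mLogger == null`. If the logger can be null here, as that guard suggests, a failed send would raise a NullPointerException inside the error handler and the original failure would go unrecorded. Wrapping both calls in `if (mLogger != null) { ... }` keeps this path consistent with the helper. `accept()` begins outside this hunk.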
@@ -277,7 +278,6 @@ public class RequestInQListener implements IRequestListener {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ level, msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
index 4ab9f281..759b0937 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Vector;
-
/**
* A log entry of LogFile
- *
+ *
* @version $Revision$, $Date$
*/
public class LogEntry {
@@ -43,7 +41,7 @@ public class LogEntry {
/**
* Constructor for a LogEntry.
- *
+ *
*/
public LogEntry(String entry) throws ParseException {
mEntry = entry;
@@ -52,10 +50,10 @@ public class LogEntry {
/**
* parse a log entry
- *
+ *
* return a vector of the segments of the entry
*/
-
+
public Vector parse() throws ParseException {
int x = mEntry.indexOf("[");
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index c2dd7b33..4a3b3cb0 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
@@ -81,7 +80,7 @@ import com.netscape.cmsutil.util.Utils;
/**
* A log event listener which write logs to log files
- *
+ *
* @version $Revision$, $Date$
**/
public class LogFile implements ILogEventListener, IExtendedPluginInfo {
@@ -108,7 +107,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
private final static String LOG_SIGNED_AUDIT_EXCEPTION =
"LOG_SIGNED_AUDIT_EXCEPTION_1";
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected IConfigStore mConfig = null;
/**
@@ -152,7 +151,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* The log date entry format
*/
- protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
+ protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
/**
* The date object used for log entries
@@ -235,13 +234,13 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Constructor for a LogFile.
- *
+ *
*/
public LogFile() {
}
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mConfig = config;
try {
@@ -263,7 +262,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
mSAuditCertNickName = config.getString(
PROP_SIGNED_AUDIT_CERT_NICKNAME);
- CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="+ mSAuditCertNickName);
+ CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname=" + mSAuditCertNickName);
} catch (EBaseException e) {
throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
config.getName() + "."
@@ -272,9 +271,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (mSAuditCertNickName == null ||
mSAuditCertNickName.trim().equals("")) {
throw new ELogException(CMS.getUserMessage(
- "CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "."
- + PROP_SIGNED_AUDIT_CERT_NICKNAME));
+ "CMS_BASE_GET_PROPERTY_FAILED",
+ config.getName() + "."
+ + PROP_SIGNED_AUDIT_CERT_NICKNAME));
}
}
@@ -309,13 +308,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
String eventId = tokens.nextToken().trim();
theVector.addElement(eventId);
- CMS.debug("LogFile: log event type selected: "+eventId);
+ CMS.debug("LogFile: log event type selected: " + eventId);
}
return theVector;
}
/**
* add the event to the selected events list
+ *
* @param event to be selected
*/
public void selectEvent(String event) {
@@ -325,6 +325,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* remove the event from the selected events list
+ *
* @param event to be de-selected
*/
public void deselectEvent(String event) {
@@ -334,6 +335,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* replace the selected events list
+ *
* @param events comma-separated event list
*/
public void replaceEvents(String events) {
@@ -348,9 +350,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new
PrintStream(new
- FilterOutputStream(output)
+ FilterOutputStream(output)
)
- );
+ );
b64.write(bytes);
b64.flush();
@@ -363,7 +365,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
private static boolean mInSignedAuditLogFailureMode = false;
private static synchronized void shutdownCMS() {
- if( mInSignedAuditLogFailureMode == false ) {
+ if (mInSignedAuditLogFailureMode == false) {
// Set signed audit log failure mode true
// No, this isn't a race condition, because the method is
@@ -371,7 +373,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mInSignedAuditLogFailureMode = true;
// Block all new incoming requests
- if( CMS.areRequestsDisabled() == false ) {
+ if (CMS.areRequestsDisabled() == false) {
// XXX is this a race condition?
CMS.disableRequests();
}
@@ -389,7 +391,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Initialize and open the log using the parameters from a config store
- *
+ *
* @param config The property config store to find values in
*/
public void init(IConfigStore config) throws IOException,
@@ -445,50 +447,50 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// retrieve the subsystem
String subsystem = "";
- ISubsystem caSubsystem = CMS.getSubsystem( "ca" );
- if( caSubsystem != null ) {
+ ISubsystem caSubsystem = CMS.getSubsystem("ca");
+ if (caSubsystem != null) {
subsystem = "ca";
}
- ISubsystem raSubsystem = CMS.getSubsystem( "ra" );
- if( raSubsystem != null ) {
+ ISubsystem raSubsystem = CMS.getSubsystem("ra");
+ if (raSubsystem != null) {
subsystem = "ra";
}
- ISubsystem kraSubsystem = CMS.getSubsystem( "kra" );
- if( kraSubsystem != null ) {
+ ISubsystem kraSubsystem = CMS.getSubsystem("kra");
+ if (kraSubsystem != null) {
subsystem = "kra";
}
- ISubsystem ocspSubsystem = CMS.getSubsystem( "ocsp" );
- if( ocspSubsystem != null ) {
+ ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
+ if (ocspSubsystem != null) {
subsystem = "ocsp";
}
// retrieve the instance name
String instIDPath = CMS.getInstanceDir();
- int index = instIDPath.lastIndexOf( "/" );
- String instID = instIDPath.substring( index + 1 );
+ int index = instIDPath.lastIndexOf("/");
+ String instID = instIDPath.substring(index + 1);
// build the default signedAudit file name
signedAuditDefaultFileName = subsystem + "_"
+ instID + "_" + "audit";
- } catch( Exception e2 ) {
+ } catch (Exception e2) {
throw new ELogException(
- CMS.getUserMessage( "CMS_BASE_GET_PROPERTY_FAILED",
+ CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
config.getName() + "." +
- PROP_FILE_NAME ) );
+ PROP_FILE_NAME));
}
// the default value is determined by the eventType.
if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
- }else if (mType.equals(ILogger.PROP_SYSTEM)) {
+ } else if (mType.equals(ILogger.PROP_SYSTEM)) {
defaultFileName = "logs/system";
- }else if (mType.equals(ILogger.PROP_AUDIT)) {
+ } else if (mType.equals(ILogger.PROP_AUDIT)) {
defaultFileName = "logs/transactions";
- }else {
+ } else {
//wont get here
throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE",
config.getName()));
@@ -502,29 +504,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
if (mOn) {
- init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
- config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
+ init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
+ config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
}
}
/**
* Initialize and open the log
- *
- * @param bufferSize The buffer size for the output stream in bytes
- * @param flushInterval The interval in seconds to flush the log
+ *
+ * @param bufferSize The buffer size for the output stream in bytes
+ * @param flushInterval The interval in seconds to flush the log
*/
- public void init(String fileName, int bufferSize, int flushInterval) throws IOException,ELogException {
+ public void init(String fileName, int bufferSize, int flushInterval) throws IOException, ELogException {
if (fileName == null)
throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null"));
- //If we want to reuse the old log files
- //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
+ //If we want to reuse the old log files
+ //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
mFileName = fileName;
- if( !Utils.isNT() ) {
+ if (!Utils.isNT()) {
// Always insure that a physical file exists!
- Utils.exec( "touch " + mFileName );
- Utils.exec( "chmod 00640 " + mFileName );
+ Utils.exec("touch " + mFileName);
+ Utils.exec("chmod 00640 " + mFileName);
}
mFile = new File(mFileName);
mBufferSize = bufferSize;
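Review bot: The two `Utils.exec` calls in `init(String, int, int)` build a command line by concatenating `mFileName`, which comes from configuration, so a path containing whitespace or shell metacharacters may be split or interpreted instead of being treated as one file name; how `Utils.exec` tokenizes the string is not visible here and should be checked. Passing the arguments separately avoids that, e.g. `Runtime.getRuntime().exec(new String[] { "chmod", "00640", mFileName })`, or the file can be created and its mode set through `java.io.File` without spawning a process. There is also a window between `touch` and `chmod` in which the log exists with umask-default permissions, and neither call's result is checked. The same concatenated `chmod 00640` call appears in the `open()` hunk further down, where a failure is only written to the debug log. The body of `init` continues outside this hunk.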
@@ -540,25 +542,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
Provider[] providers = java.security.Security.getProviders();
int ps = providers.length;
- for (int i = 0; i<ps; i++) {
- CMS.debug("LogFile: provider "+i+"= "+providers[i].getName());
+ for (int i = 0; i < ps; i++) {
+ CMS.debug("LogFile: provider " + i + "= " + providers[i].getName());
}
CryptoManager cm = CryptoManager.getInstance();
// find CertServer's private key
- X509Certificate cert = cm.findCertByNickname( mSAuditCertNickName );
+ X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
if (cert != null) {
- CMS.debug("LogFile: setupSignig(): found cert:"+mSAuditCertNickName);
+ CMS.debug("LogFile: setupSignig(): found cert:" + mSAuditCertNickName);
} else {
- CMS.debug("LogFile: setupSignig(): cert not found:"+mSAuditCertNickName);
+ CMS.debug("LogFile: setupSignig(): cert not found:" + mSAuditCertNickName);
}
mSigningKey = cm.findPrivKeyByCert(cert);
String sigAlgorithm;
- if( mSigningKey instanceof RSAPrivateKey ) {
+ if (mSigningKey instanceof RSAPrivateKey) {
sigAlgorithm = "SHA-256/RSA";
- } else if( mSigningKey instanceof DSAPrivateKey ) {
+ } else if (mSigningKey instanceof DSAPrivateKey) {
sigAlgorithm = "SHA-256/DSA";
} else {
throw new NoSuchAlgorithmException("Unknown private key type");
@@ -567,11 +569,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
CryptoToken savedToken = cm.getThreadToken();
try {
CryptoToken keyToken =
- ((org.mozilla.jss.pkcs11.PK11PrivKey)mSigningKey)
- .getOwningToken();
+ ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
+ .getOwningToken();
cm.setThreadToken(keyToken);
mSignature = java.security.Signature.getInstance(sigAlgorithm,
- CRYPTO_PROVIDER);
+ CRYPTO_PROVIDER);
} finally {
cm.setThreadToken(savedToken);
}
@@ -580,7 +582,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// get the last signature from the currently-opened file
String entry = getLastSignature(mFile);
- if( entry != null ) {
+ if (entry != null) {
mSignature.update(entry.getBytes("UTF-8"));
mSignature.update(LINE_SEP_BYTE);
}
@@ -614,12 +616,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
private static void setupSigningFailure(String logMessageCode, Exception e)
- throws EBaseException
- {
+ throws EBaseException {
try {
- ConsoleError.send( new SystemEvent(
- CMS.getLogMessage(logMessageCode)));
- } catch(Exception e2) {
+ ConsoleError.send(new SystemEvent(
+ CMS.getLogMessage(logMessageCode)));
+ } catch (Exception e2) {
// don't allow an exception while printing to the console
// prevent us from running the rest of this function.
e2.printStackTrace();
@@ -632,36 +633,35 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Startup the instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit
- * function startup
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit function startup
* </ul>
+ *
* @exception EBaseException if an internal error occurred
*/
public void startup() throws EBaseException {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
CMS.debug("LogFile: entering LogFile.startup()");
- if( mOn && mLogSigning ) {
+ if (mOn && mLogSigning) {
try {
setupSigning();
- audit( CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS) );
- } catch(EBaseException e) {
- audit( CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE) );
+ audit(CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+ ILogger.SYSTEM_UID,
+ ILogger.SUCCESS));
+ } catch (EBaseException e) {
+ audit(CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE));
throw e;
}
}
}
-
/**
* Retrieves the eventType this log is triggered.
*/
@@ -673,7 +673,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
* Retrieves the log on/off.
*/
public String getOn() {
- return String.valueOf( mOn );
+ return String.valueOf(mOn);
}
/**
@@ -695,22 +695,21 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Record that the signed audit log has been signed
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the
- * audit log is generated (same as "flush" time)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the audit log is generated (same as "flush" time)
* </ul>
+ *
* @exception IOException for input/output problems
* @exception ELogException when plugin implementation fails
* @exception SignatureException when signing fails
* @exception InvalidKeyException when an invalid key is utilized
*/
private void pushSignature() throws IOException, ELogException,
- SignatureException, InvalidKeyException
- {
+ SignatureException, InvalidKeyException {
byte[] sigBytes = null;
- if( mSignature == null ) {
+ if (mSignature == null) {
return;
}
@@ -727,31 +726,31 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
LOGGING_SIGNED_AUDIT_SIGNING,
ILogger.SYSTEM_UID,
ILogger.SUCCESS,
- base64Encode( sigBytes ) );
+ base64Encode(sigBytes));
- if( mSignedAuditLogger == null ) {
+ if (mSignedAuditLogger == null) {
return;
}
ILogEvent ev = mSignedAuditLogger.create(
ILogger.EV_SIGNED_AUDIT,
- ( Properties ) null,
+ (Properties) null,
ILogger.S_SIGNED_AUDIT,
ILogger.LL_SECURITY,
auditMessage,
o,
- ILogger.L_SINGLELINE );
+ ILogger.L_SINGLELINE);
- String logMesg = logEvt2String(ev);
+ String logMesg = logEvt2String(ev);
doLog(logMesg, true);
}
private static String getLastSignature(File f) throws IOException {
- BufferedReader r = new BufferedReader( new FileReader(f) );
+ BufferedReader r = new BufferedReader(new FileReader(f));
String lastSig = null;
String curLine = null;
- while( (curLine = r.readLine()) != null ) {
- if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) {
+ while ((curLine = r.readLine()) != null) {
+ if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
lastSig = curLine;
}
}
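Review bot: `getLastSignature` reads the log through `new FileReader(f)`, which decodes with the platform default charset, while the bytes fed to the signature in the `setupSigning` hunk are produced with `getBytes("UTF-8")`; on a host whose default charset is not UTF-8, a last-signature line containing non-ASCII text would be re-encoded differently and the chained signature would no longer match the file. Reading with an explicit charset, `new BufferedReader(new InputStreamReader(new FileInputStream(f), "UTF-8"))`, keeps both sides consistent; the charset used by the log writer is not visible here and should match. The `indexOf("AUDIT_LOG_SIGNING")` test also accepts any line that merely contains that text, so matching the event-type field rather than a substring would be stricter, assuming the entry format allows it. The method continues past the end of this hunk, so whether the reader is closed on every path cannot be confirmed from here.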
@@ -760,8 +759,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Open the log file. This creates the buffered FileWriter
- *
+ * Open the log file. This creates the buffered FileWriter
+ *
*/
protected synchronized void open() throws IOException {
RandomAccessFile out;
@@ -771,12 +770,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
out.seek(out.length());
//XXX int or long?
mBytesWritten = (int) out.length();
- if( !Utils.isNT() ) {
+ if (!Utils.isNT()) {
try {
- Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
- } catch( IOException e ) {
- CMS.debug( "Unable to change file permissions on "
- + mFile.toString() );
+ Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
+ } catch (IOException e) {
+ CMS.debug("Unable to change file permissions on "
+ + mFile.toString());
}
}
mLogWriter = new BufferedWriter(
@@ -785,20 +784,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// The first time we open, mSignature will not have been
// initialized yet. That's ok, we will push our first signature
// in setupSigning().
- if( mLogSigning && (mSignature != null)) {
+ if (mLogSigning && (mSignature != null)) {
try {
pushSignature();
} catch (ELogException le) {
ConsoleError.send(
- new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
- mFileName)));
+ new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+ mFileName)));
}
}
} catch (IllegalArgumentException iae) {
ConsoleError.send(
- new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
- mFileName)));
- } catch(GeneralSecurityException gse) {
+ new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+ mFileName)));
+ } catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
@@ -808,12 +807,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Flush the log file. Also update the MAC for hash protected logs
- *
+ * Flush the log file. Also update the MAC for hash protected logs
+ *
*/
public synchronized void flush() {
try {
- if( mLogSigning ) {
+ if (mLogSigning) {
try {
pushSignature();
} catch (ELogException le) {
@@ -831,7 +830,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
e.printStackTrace();
shutdownCMS();
}
- } catch(GeneralSecurityException gse) {
+ } catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
@@ -842,7 +841,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Close the log file
- *
+ *
*/
protected synchronized void close() {
try {
@@ -859,10 +858,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Shutdown this log file.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit
- * function shutdown
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit function shutdown
* </ul>
*/
public synchronized void shutdown() {
@@ -876,9 +874,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN,
ILogger.SYSTEM_UID,
- ILogger.SUCCESS );
+ ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
close();
}
@@ -886,9 +884,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Set the flush interval
* <P>
- * @param flushInterval The amount of time in seconds until the log
- * is flush. A value of 0 will disable autoflush. This will also set
- * the update period for hash protected logs.
+ *
+ * @param flushInterval The amount of time in seconds until the log
+ * is flush. A value of 0 will disable autoflush. This will also set
+ * the update period for hash protected logs.
**/
public synchronized void setFlushInterval(int flushInterval) {
mFlushInterval = flushInterval * 1000;
@@ -903,7 +902,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Log flush thread. Sleep for the flush interval and flush the
+ * Log flush thread. Sleep for the flush interval and flush the
* log. Changing flush interval to 0 will cause this thread to exit.
*/
final class FlushThread extends Thread {
@@ -925,7 +924,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
} catch (InterruptedException e) {
// This shouldn't happen very often
ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
}
}
@@ -942,10 +941,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Synchronized method to write a string to the log file. All I18N
+ * Synchronized method to write a string to the log file. All I18N
* should take place before this call.
- *
- * @param entry The log entry string
+ *
+ * @param entry The log entry string
*/
protected synchronized void log(String entry) throws ELogException {
doLog(entry, false);
@@ -971,40 +970,40 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
mLogWriter.write(entry, 0/*offset*/, entry.length());
- if (mLogSigning==true) {
- if(mSignature != null) {
+ if (mLogSigning == true) {
+ if (mSignature != null) {
// include newline for calculating MAC
mSignature.update(entry.getBytes("UTF-8"));
} else {
CMS.debug("LogFile: mSignature is not yet ready... null in log()");
}
}
- if (mTrace) {
- CharArrayWriter cw = new CharArrayWriter(200);
+ if (mTrace) {
+ CharArrayWriter cw = new CharArrayWriter(200);
PrintWriter pw = new PrintWriter(cw);
Exception e = new Exception();
- e.printStackTrace(pw);
- char[] c = cw.toCharArray();
- cw.close();
+ e.printStackTrace(pw);
+ char[] c = cw.toCharArray();
+ cw.close();
pw.close();
- CharArrayReader cr = new CharArrayReader(c);
+ CharArrayReader cr = new CharArrayReader(c);
LineNumberReader lr = new LineNumberReader(cr);
- String text = null;
- String method = null;
+ String text = null;
+ String method = null;
String fileAndLine = null;
- if (lr.ready()) {
- text = lr.readLine();
- do {
- text = lr.readLine();
+ if (lr.ready()) {
+ text = lr.readLine();
+ do {
+ text = lr.readLine();
} while (text.indexOf("logging") != -1);
- int p = text.indexOf("(");
+ int p = text.indexOf("(");
fileAndLine = text.substring(p);
- String classandmethod = text.substring(0, p);
- int q = classandmethod.lastIndexOf(".");
- method = classandmethod.substring(q + 1);
+ String classandmethod = text.substring(0, p);
+ int q = classandmethod.lastIndexOf(".");
+ method = classandmethod.substring(q + 1);
mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length());
mLogWriter.write(" ", 0/*offset*/, " ".length());
mLogWriter.write(method, 0/*offset*/, method.length());
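Review bot: In the `mTrace` branch the `fileAndLine`, `" "` and `method` strings are written to the log but, in the lines visible here, never passed to `mSignature.update`, so with tracing and log signing both enabled the signed byte stream would differ from the file contents and verification would fail. If that is not handled in the line elided after this hunk, the same text should be fed to the signature under the existing `mLogSigning` and `mSignature != null` guards, e.g. `mSignature.update((fileAndLine + " " + method).getBytes("UTF-8"));`. The stack-trace parsing is also fragile: `lr.readLine()` can return null inside the `do … while`, and `text.indexOf("(")` can be -1 before `substring(p)`. The enclosing method starts and ends outside this hunk.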
@@ -1012,8 +1011,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
mLogWriter.newLine();
- if (mLogSigning==true){
- if(mSignature != null) {
+ if (mLogSigning == true) {
+ if (mSignature != null) {
mSignature.update(LINE_SEP_BYTE);
} else {
CMS.debug("LogFile: mSignature is null in log() 2");
@@ -1027,17 +1026,16 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
shutdownCMS();
}
} catch (IllegalStateException e) {
- CMS.debug("LogFile: exception thrown in log(): "+e.toString());
- ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION,e.toString())));
- } catch( GeneralSecurityException gse ) {
+ CMS.debug("LogFile: exception thrown in log(): " + e.toString());
+ ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
+ } catch (GeneralSecurityException gse) {
// DJN: handle error
CMS.debug("LogFile: exception thrown in log(): "
- + gse.toString());
+ + gse.toString());
gse.printStackTrace();
ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
- LOG_SIGNED_AUDIT_EXCEPTION,gse.toString())));
+ LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
}
-
// XXX
// Although length will be in Unicode dual-bytes, the PrintWriter
@@ -1057,8 +1055,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Write an event to the log file
- *
- * @param ev The event to be logged.
+ *
+ * @param ev The event to be logged.
*/
public void log(ILogEvent ev) throws ELogException {
if (ev instanceof AuditEvent) {
@@ -1069,7 +1067,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
return;
}
- } else if (ev instanceof SignedAuditEvent) {
+ } else if (ev instanceof SignedAuditEvent) {
if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) {
return;
}
@@ -1082,7 +1080,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
String type = ev.getEventType();
if (type != null) {
if (!mSelectedEvents.contains(type)) {
- CMS.debug("LogFile: event type not selected: "+type);
+ CMS.debug("LogFile: event type not selected: " + type);
return;
}
}
@@ -1120,8 +1118,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* change multi-line log entry by replace "\n" with "\n "
- *
- * @param original The original multi-line log entry.
+ *
+ * @param original The original multi-line log entry.
*/
private String prepareMultiline(String original) {
int i, last = 0;
@@ -1138,12 +1136,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
* Read all entries whose logLevel>=lowLevel && log source = source
* to at most maxLine entries(from end)
* If the parameter is -1, it's ignored and return all entries
- *
+ *
* @param maxLine The maximum lines to be returned
* @param lowLevel The lowest log level to be returned
* @param source The particular log source to be returned
* @param fName The log file name to be read. If it's null, read the current
- * log file
+ * log file
*/
public Vector<LogEntry> readEntry(int maxLine, int lowLevel, int source, String fName) {
Vector<LogEntry> mEntries = new Vector<LogEntry>();
@@ -1152,7 +1150,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
int lineNo = 0; // lineNo of the current entry in the log file
int line = 0; // line of readed valid entries
String firstLine = null; // line buffer
- String nextLine = null;
+ String nextLine = null;
String entry = null;
LogEntry logEntry = null;
@@ -1162,7 +1160,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
this implementation is assuming parsing is more time consuming than
condition check
*/
- LogEntry preLogEntry = null;
+ LogEntry preLogEntry = null;
if (fName != null) {
fileName = fName;
@@ -1194,9 +1192,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// if parse succeed, write out previous entry
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
- ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+ ((Integer.parseInt(preLogEntry.getSource()) == source) ||
(source == ILogger.S_ALL)
- )) {
+ )) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
@@ -1223,13 +1221,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
} catch (IOException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
- Integer.toString(lineNo)));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
+ Integer.toString(lineNo)));
}
- }
- while (nextLine != null);
+ } while (nextLine != null);
// need to process the last 2 entries of the file
if (firstLine != null) {
@@ -1248,9 +1245,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
*/
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
- ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+ ((Integer.parseInt(preLogEntry.getSource()) == source) ||
(source == ILogger.S_ALL)
- )) {
+ )) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
@@ -1268,11 +1265,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
- &&
- ((Integer.parseInt(preLogEntry.getSource()) == source)
+ &&
+ ((Integer.parseInt(preLogEntry.getSource()) == source)
||
(source == ILogger.S_ALL)
- )) {
+ )) {
// parse the entry, pass to UI
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
@@ -1291,15 +1288,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
fBuffer.close();
} catch (IOException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, "logging:" + fileName +
- " failed to close for reading");
+ ILogger.LL_FAILURE, "logging:" + fileName +
+ " failed to close for reading");
}
} catch (FileNotFoundException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
- fileName));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
+ fileName));
}
return mEntries;
}
@@ -1307,7 +1304,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Retrieves the configuration store of this subsystem.
* <P>
- *
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -1316,7 +1313,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Retrieve last "maxLine" number of system log with log lever >"level"
- * and from source "source". If the parameter is omitted. All entries
+ * and from source "source". If the parameter is omitted. All entries
* are sent back.
*/
public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
@@ -1324,18 +1321,18 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
NameValuePairs params = new NameValuePairs();
String tmp, fName = null;
int maxLine = -1, level = -1, source = -1;
- Vector<LogEntry> entries = null;
+ Vector<LogEntry> entries = null;
- if ((tmp = (String)req.get(Constants.PR_LOG_ENTRY)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) {
maxLine = Integer.parseInt(tmp);
}
- if ((tmp = (String)req.get(Constants.PR_LOG_LEVEL)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) {
level = Integer.parseInt(tmp);
}
- if ((tmp = (String)req.get(Constants.PR_LOG_SOURCE)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) {
source = Integer.parseInt(tmp);
}
- tmp = (String)req.get(Constants.PR_LOG_NAME);
+ tmp = (String) req.get(Constants.PR_LOG_NAME);
if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
fName = tmp;
} else {
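Review bot: `tmp.equals(Constants.PR_CURRENT_LOG)` in `retrieveLogContent` dereferences the `PR_LOG_NAME` value without a null check, and any other value is passed on as `fName`, which `readEntry` then uses as the name of the file to read. If `req` carries client-supplied parameters (not visible here), the caller can name an arbitrary file unless the name is confined to the log directory elsewhere; that should be confirmed, or the name validated here against the known log files. For the null case, `if (tmp != null && !tmp.equals(Constants.PR_CURRENT_LOG)) {` lets a missing parameter fall through to the current-log branch. The three `Integer.parseInt` calls above throw `NumberFormatException` on malformed input, and whether they sit inside a `try` is not visible in this hunk. The method body continues after the hunk.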
@@ -1346,12 +1343,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
entries = readEntry(maxLine, level, source, fName);
for (int i = 0; i < entries.size(); i++) {
params.add(Integer.toString(i) +
- ((LogEntry) entries.elementAt(i)).getEntry(), "");
+ ((LogEntry) entries.elementAt(i)).getEntry(), "");
}
} catch (Exception e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_WARN,
- "System log parse error");
+ ILogger.LL_WARN,
+ "System log parse error");
}
return params;
}
@@ -1386,9 +1383,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// is not for the signed audit type, then we should not show the
// following parameters.
//if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
- v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" );
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+ v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
//}
return v;
@@ -1401,11 +1398,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (mType == null) {
v.addElement(PROP_TYPE + "=");
- }else {
+ } else {
v.addElement(PROP_TYPE + "=" +
- mConfig.getString(PROP_TYPE));
+ mConfig.getString(PROP_TYPE));
}
- v.addElement(PROP_ON + "=" + String.valueOf( mOn ) );
+ v.addElement(PROP_ON + "=" + String.valueOf(mOn));
if (mLevel == 0)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
else if (mLevel == 1)
@@ -1423,29 +1420,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (mFileName == null) {
v.addElement(PROP_FILE_NAME + "=");
- }else {
+ } else {
v.addElement(PROP_FILE_NAME + "=" +
- mFileName);
+ mFileName);
}
v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
- if( (mType != null) && mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
- v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "="
- + String.valueOf( mLogSigning ) );
+ if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
+ v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
+ + String.valueOf(mLogSigning));
- if( mSAuditCertNickName == null ) {
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
+ if (mSAuditCertNickName == null) {
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
} else {
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
- + mSAuditCertNickName );
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
+ + mSAuditCertNickName);
}
- if( mSelectedEventsList == null ) {
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+ if (mSelectedEventsList == null) {
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
} else {
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "="
- + mSelectedEventsList );
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="
+ + mSelectedEventsList);
}
}
} catch (Exception e) {
@@ -1454,30 +1451,30 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
public String[] getExtendedPluginInfo(Locale locale) {
- if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+ if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
String[] params = {
- PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
- PROP_ON + ";boolean;Turn on the listener",
- PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
- ILogger.LL_INFO_STRING + "," +
- ILogger.LL_WARN_STRING + "," +
- ILogger.LL_FAILURE_STRING + "," +
- ILogger.LL_MISCONF_STRING + "," +
- ILogger.LL_CATASTRPHE_STRING + "," +
- ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
- PROP_FILE_NAME + ";string;The name of the file the log is written to",
- PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
- PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-logrules-logfile",
- IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file",
- PROP_SIGNED_AUDIT_LOG_SIGNING +
- ";boolean;Enable audit logs to be signed",
- PROP_SIGNED_AUDIT_CERT_NICKNAME +
- ";string;The nickname of the certificate to be used to sign audit logs",
- PROP_SIGNED_AUDIT_EVENTS +
- ";string;A comma-separated list of strings used to specify particular signed audit log events",
+ PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+ PROP_ON + ";boolean;Turn on the listener",
+ PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+ ILogger.LL_INFO_STRING + "," +
+ ILogger.LL_WARN_STRING + "," +
+ ILogger.LL_FAILURE_STRING + "," +
+ ILogger.LL_MISCONF_STRING + "," +
+ ILogger.LL_CATASTRPHE_STRING + "," +
+ ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+ PROP_FILE_NAME + ";string;The name of the file the log is written to",
+ PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+ PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-logrules-logfile",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";Write the log messages to a file",
+ PROP_SIGNED_AUDIT_LOG_SIGNING +
+ ";boolean;Enable audit logs to be signed",
+ PROP_SIGNED_AUDIT_CERT_NICKNAME +
+ ";string;The nickname of the certificate to be used to sign audit logs",
+ PROP_SIGNED_AUDIT_EVENTS +
+ ";string;A comma-separated list of strings used to specify particular signed audit log events",
};
return params;
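Review bot: The test `mType.equals(ILogger.PROP_SIGNED_AUDIT)` at the top of getExtendedPluginInfo dereferences `mType` without a null check, while the earlier hunks in this same file guard it (`if (mType == null)` and `(mType != null) && mType.equals(...)`). If the listener is queried before a type is configured, this throws a NullPointerException instead of returning the generic parameter list. Reversing the comparison makes it null-safe: `if (ILogger.PROP_SIGNED_AUDIT.equals(mType)) {`. The method continues past the end of this hunk.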
@@ -1485,22 +1482,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// mType.equals( ILogger.PROP_AUDIT ) ||
// mType.equals( ILogger.PROP_SYSTEM )
String[] params = {
- PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
- PROP_ON + ";boolean;Turn on the listener",
- PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
- ILogger.LL_INFO_STRING + "," +
- ILogger.LL_WARN_STRING + "," +
- ILogger.LL_FAILURE_STRING + "," +
- ILogger.LL_MISCONF_STRING + "," +
- ILogger.LL_CATASTRPHE_STRING + "," +
- ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
- PROP_FILE_NAME + ";string;The name of the file the log is written to",
- PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
- PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-logrules-logfile",
- IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file"
+ PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+ PROP_ON + ";boolean;Turn on the listener",
+ PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+ ILogger.LL_INFO_STRING + "," +
+ ILogger.LL_WARN_STRING + "," +
+ ILogger.LL_FAILURE_STRING + "," +
+ ILogger.LL_MISCONF_STRING + "," +
+ ILogger.LL_CATASTRPHE_STRING + "," +
+ ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+ PROP_FILE_NAME + ";string;The name of the file the log is written to",
+ PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+ PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-logrules-logfile",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";Write the log messages to a file"
};
return params;
@@ -1509,27 +1506,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all classes that extend this "LogFile"
* class, and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
- protected void audit( String msg )
- {
+ protected void audit(String msg) {
// in this case, do NOT strip preceding/trailing whitespace
// from passed-in String parameters
- if( mSignedAuditLogger == null ) {
+ if (mSignedAuditLogger == null) {
return;
}
- mSignedAuditLogger.log( ILogger.EV_SIGNED_AUDIT,
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
null,
ILogger.S_SIGNED_AUDIT,
ILogger.LL_SECURITY,
- msg );
+ msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index d2dab395..967c7903 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
@@ -41,12 +40,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.SystemEvent;
import com.netscape.cmsutil.util.Utils;
-
/**
* A rotating log file for Certificate log events. This class loosely follows
* the Netscape Common Log API implementing rollover interval, size and file
* naming conventions. It does not yet implement Disk Usage.
- *
+ *
* @version $Revision$, $Date$
*/
public class RollingLogFile extends LogFile {
@@ -105,7 +103,7 @@ public class RollingLogFile extends LogFile {
private Object mExpLock = new Object();
private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE =
- "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
+ "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
/**
* Construct a RollingLogFile
@@ -115,7 +113,7 @@ public class RollingLogFile extends LogFile {
/**
* Initialize and open a RollingLogFile using the prop config store
- *
+ *
* @param config The property config store to find values in
*/
public void init(IConfigStore config) throws IOException,
@@ -123,8 +121,8 @@ public class RollingLogFile extends LogFile {
super.init(config);
rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE),
- config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
- config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
+ config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
+ config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
}
/**
@@ -132,7 +130,7 @@ public class RollingLogFile extends LogFile {
* attributes.
*/
protected void rl_init(int maxFileSize, String rolloverInterval,
- String expirationTime) {
+ String expirationTime) {
mMaxFileSize = maxFileSize * 1024;
setRolloverTime(rolloverInterval);
setExpirationTime(expirationTime);
@@ -153,9 +151,9 @@ public class RollingLogFile extends LogFile {
/**
* Set the rollover interval
- *
- * @param rolloverSeconds The amount of time in seconds until the log
- * is rotated. A value of 0 will disable log rollover.
+ *
+ * @param rolloverSeconds The amount of time in seconds until the log
+ * is rotated. A value of 0 will disable log rollover.
**/
public synchronized void setRolloverTime(String rolloverSeconds) {
mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000;
@@ -171,8 +169,8 @@ public class RollingLogFile extends LogFile {
/**
* Get the rollover interval
- *
- * @return The interval in seconds in which the log is rotated
+ *
+ * @return The interval in seconds in which the log is rotated
**/
public synchronized int getRolloverTime() {
return (int) (mRolloverInterval / 1000);
@@ -180,9 +178,9 @@ public class RollingLogFile extends LogFile {
/**
* Set the file expiration time
- *
- * @param expirationSeconds The amount of time in seconds until log files
- * are deleted
+ *
+ * @param expirationSeconds The amount of time in seconds until log files
+ * are deleted
**/
public void setExpirationTime(String expirationSeconds) {
@@ -205,8 +203,8 @@ public class RollingLogFile extends LogFile {
/**
* Get the expiration time
- *
- * @return The age in seconds in which log files are delete
+ *
+ * @return The age in seconds in which log files are delete
**/
public int getExpirationTime() {
return (int) (mExpirationTime / 1000);
@@ -217,7 +215,7 @@ public class RollingLogFile extends LogFile {
* extension
**/
public synchronized void rotate()
- throws IOException {
+ throws IOException {
//File backupFile = new File(mFileName + "." + mFileNumber);
File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
@@ -225,54 +223,54 @@ public class RollingLogFile extends LogFile {
// close, backup, and reopen the log file zeroizing its contents
super.close();
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- mFile.getCanonicalPath().replace( '/', '\\' ) +
+ Utils.exec("copy " +
+ mFile.getCanonicalPath().replace('/', '\\') +
" " +
- backupFile.getCanonicalPath().replace( '/',
- '\\' ) );
+ backupFile.getCanonicalPath().replace('/',
+ '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " +
- backupFile.getCanonicalPath() );
+ Utils.exec("cp -p " + mFile.getCanonicalPath() + " " +
+ backupFile.getCanonicalPath());
}
// Zeroize the original file if and only if
// the backup copy was successful.
- if( backupFile.exists() ) {
+ if (backupFile.exists()) {
// Make certain that the backup file has
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00640 " + backupFile.getCanonicalPath());
}
try {
// Open and close the original file
// to zeroize its contents.
- PrintWriter pw = new PrintWriter( mFile );
+ PrintWriter pw = new PrintWriter(mFile);
pw.close();
// Make certain that the original file retains
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
}
- } catch ( FileNotFoundException e ) {
- CMS.debug( "Unable to zeroize "
- + mFile.toString() );
+ } catch (FileNotFoundException e) {
+ CMS.debug("Unable to zeroize "
+ + mFile.toString());
}
} else {
- CMS.debug( "Unable to backup "
+ CMS.debug("Unable to backup "
+ mFile.toString() + " to "
- + backupFile.toString() );
+ + backupFile.toString());
}
- } catch( Exception e ) {
- CMS.debug( "Unable to backup "
+ } catch (Exception e) {
+ CMS.debug("Unable to backup "
+ mFile.toString() + " to "
- + backupFile.toString() );
+ + backupFile.toString());
}
super.open(); // will reset mBytesWritten
mFileNumber++;
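Review bot: The copy and chmod steps in rotate() still build a single command string from `mFile.getCanonicalPath()` and `backupFile.getCanonicalPath()`, so a log path containing a space or a shell-special character would be split or misread, depending on how `Utils.exec` tokenises its argument (not visible here). Copying in-process avoids the external command entirely, for example `Files.copy(mFile.toPath(), backupFile.toPath(), StandardCopyOption.COPY_ATTRIBUTES);` if the build targets Java 7 or later. The `catch (Exception e)` branch only writes a `CMS.debug` message, so a failed rotation of a signed audit log goes unnoticed. Since rotate() already declares `throws IOException`, the failure should be rethrown or logged at failure level. rotate() begins before this hunk and continues after it.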
@@ -282,17 +280,16 @@ public class RollingLogFile extends LogFile {
* Remove any log files which have not been modified in the specified
* time
* <P>
- *
- * NOTE: automatic removal of log files is currently NOT supported!
+ *
+ * NOTE: automatic removal of log files is currently NOT supported!
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log
- * expires (authorization should not allow, but in case authorization gets
- * compromised make sure it is written AFTER the log expiration happens)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log expires (authorization should not allow, but in case authorization gets compromised make sure it is written AFTER the log expiration happens)
* </ul>
+ *
* @param expirationSeconds The number of seconds since the expired files
- * have been modified.
+ * have been modified.
* @return the time in milliseconds when the next file expires
**/
public long expire(long expirationSeconds) throws ELogException {
@@ -322,7 +319,7 @@ public class RollingLogFile extends LogFile {
pathName = fileName.substring(0, index);
baseName = fileName.substring(index + 1);
dirName = dirName.concat("/" + pathName);
- }else { // "/" NOT exist in fileName
+ } else { // "/" NOT exist in fileName
baseName = fileName;
}
@@ -330,8 +327,7 @@ public class RollingLogFile extends LogFile {
String[] filelist = dir.list(ff);
if (filelist == null) { // Crap! Something is wrong.
- throw new
- ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
+ throw new ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
dirName, ff.toString()));
}
@@ -340,10 +336,10 @@ public class RollingLogFile extends LogFile {
for (int i = 0; i < filelist.length; i++) {
if (pathName != null) {
filelist[i] = pathName + "/" + filelist[i];
- }else {
+ } else {
filelist[i] = dirName + "/" + filelist[i];
}
-
+
String fullname = dirName + File.separatorChar + filelist[i];
File file = new File(fullname);
long fileTime = file.lastModified();
@@ -392,7 +388,7 @@ public class RollingLogFile extends LogFile {
//
/**
- * Log rotation thread. Sleep for the rollover interval and rotate the
+ * Log rotation thread. Sleep for the rollover interval and rotate the
* log. Changing rollover interval to 0 will cause this thread to exit.
*/
final class RolloverThread extends Thread {
@@ -414,7 +410,7 @@ public class RollingLogFile extends LogFile {
} catch (InterruptedException e) {
// This shouldn't happen very often
CMS.getLogger().getLogQueue().log(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
}
}
@@ -427,7 +423,7 @@ public class RollingLogFile extends LogFile {
rotate();
} catch (IOException e) {
ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
break;
}
}
@@ -439,9 +435,8 @@ public class RollingLogFile extends LogFile {
}
}
-
/**
- * Log expiration thread. Sleep for the expiration interval and
+ * Log expiration thread. Sleep for the expiration interval and
* delete any files which are too old.
* Changing expiration interval to 0 will cause this thread to exit.
*/
@@ -467,11 +462,11 @@ public class RollingLogFile extends LogFile {
wakeupTime = expire((long) (mExpirationTime / 1000));
} catch (SecurityException e) {
ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
break;
} catch (ELogException e) {
ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
break;
}
@@ -488,7 +483,7 @@ public class RollingLogFile extends LogFile {
} catch (InterruptedException e) {
// This shouldn't happen very often
ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
+ SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
}
}
}
@@ -499,8 +494,8 @@ public class RollingLogFile extends LogFile {
/**
* Write an event to the log file
- *
- * @param ev The event to be logged.
+ *
+ * @param ev The event to be logged.
**/
public synchronized void log(ILogEvent ev) throws ELogException {
//xxx, Shall we log first without checking if it exceed the maximum?
@@ -519,9 +514,9 @@ public class RollingLogFile extends LogFile {
/**
* Retrieve log file list.
*/
- public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req
- ) throws ServletException,
- IOException, EBaseException {
+ public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req
+ ) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String[] files = null;
@@ -534,7 +529,7 @@ public class RollingLogFile extends LogFile {
/**
* Get the log file list in the log directory
- *
+ *
* @return an array of filenames with related path to cert server root
*/
protected String[] fileList() {
@@ -552,10 +547,10 @@ public class RollingLogFile extends LogFile {
} else {
dirName = dirName.concat("/" + pathName);
}
- }else { // "/" NOT exist in fileName
+ } else { // "/" NOT exist in fileName
baseName = fileName;
}
-
+
File dir = new File(dirName);
fileFilter ff = new fileFilter(baseName + ".");
@@ -563,13 +558,13 @@ public class RollingLogFile extends LogFile {
//error,logs,logs/error jdk115
//logs/system,., logs/system jdk116
//System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,.
-
+
String[] filelist = dir.list(ff);
for (int i = 0; i < filelist.length; i++) {
if (pathName != null) {
filelist[i] = pathName + "/" + filelist[i];
- }else {
+ } else {
filelist[i] = dirName + "/" + filelist[i];
}
}
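Review bot: `dir.list(ff)` in fileList() is used without a null check, and the loop immediately reads `filelist.length`. `File.list` returns null when the path is not a directory or an I/O error occurs, and expire() in this same file already handles that case with `if (filelist == null)`. A guard such as `if (filelist == null) return new String[0];` before the loop keeps the log-list request from failing with a NullPointerException. Whether callers expect an empty array or an exception should be confirmed, because fileList() starts and ends outside this hunk.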
@@ -627,10 +622,10 @@ public class RollingLogFile extends LogFile {
info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds");
info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- //";configuration-logrules-rollinglogfile");
- ";configuration-adminbasics");
+ //";configuration-logrules-rollinglogfile");
+ ";configuration-adminbasics");
info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file which will be rotated automatically.");
+ ";Write the log messages to a file which will be rotated automatically.");
String[] params = new String[info.size()];
info.copyInto(params);
@@ -639,14 +634,13 @@ public class RollingLogFile extends LogFile {
}
}
-
/**
* A file filter to select the file with a given prefix
*/
class fileFilter implements FilenameFilter {
String patternToMatch = null;
- public fileFilter (String pattern) {
+ public fileFilter(String pattern) {
patternToMatch = pattern;
}
diff --git a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
index af651584..ef09d8f7 100644
--- a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
+++ b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.notification;
-
import java.io.IOException;
import java.io.PrintStream;
import java.util.Vector;
@@ -30,13 +29,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.notification.ENotificationException;
import com.netscape.certsrv.notification.IMailNotification;
-
/**
* This class handles mail notification via SMTP.
* This class uses <b>smtp.host</b> in the configuration for smtp
- * host. The port default (25) is used. If no smtp specified, local
+ * host. The port default (25) is used. If no smtp specified, local
* host is used
- *
+ *
* @version $Revision$, $Date$
*/
public class MailNotification implements IMailNotification {
@@ -56,10 +54,10 @@ public class MailNotification implements IMailNotification {
if (mHost == null) {
try {
IConfigStore mConfig =
- CMS.getConfigStore();
+ CMS.getConfigStore();
IConfigStore c =
- mConfig.getSubStore(PROP_SMTP_SUBSTORE);
+ mConfig.getSubStore(PROP_SMTP_SUBSTORE);
if (c == null) {
return;
@@ -94,7 +92,7 @@ public class MailNotification implements IMailNotification {
if ((mFrom != null) && (!mFrom.equals("")))
sc.from(mFrom);
else {
- throw new ENotificationException (
+ throw new ENotificationException(
CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER"));
}
@@ -103,7 +101,7 @@ public class MailNotification implements IMailNotification {
log(ILogger.LL_INFO, "mail to be sent to " + mTo);
sc.to(mTo);
} else {
- throw new ENotificationException (
+ throw new ENotificationException(
CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER"));
}
@@ -129,13 +127,14 @@ public class MailNotification implements IMailNotification {
sc.closeServer();
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- throw new ENotificationException (
+ throw new ENotificationException(
CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
}
}
/**
* sets the "From" field
+ *
* @param from email address of the sender
*/
public void setFrom(String from) {
@@ -144,6 +143,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the "Subject" field
+ *
* @param subject subject of the email
*/
public void setSubject(String subject) {
@@ -152,6 +152,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the "Content-Type" field
+ *
* @param contentType content type of the email
*/
public void setContentType(String contentType) {
@@ -160,6 +161,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the content of the email
+ *
* @param content the message content
*/
public void setContent(String content) {
@@ -168,6 +170,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the recipients' email addresses
+ *
* @param addresses a list of email addresses of the recipients
*/
public void setTo(Vector<String> addresses) {
@@ -177,6 +180,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the recipient's email address
+ *
* @param to address of the recipient email address
*/
public void setTo(String to) {
@@ -187,7 +191,7 @@ public class MailNotification implements IMailNotification {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "MailNotification: " + msg);
+ level, "MailNotification: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
index 0468e13f..34cf5578 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -75,11 +74,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
* This is the default OCSP store that stores revocation information
* as certificate record (CMS internal data structure).
- *
+ *
* @version $Revision$, $Date$
*/
public class DefStore implements IDefStore, IExtendedPluginInfo {
@@ -90,18 +88,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
private static final String PROP_USE_CACHE = "useCache";
private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
- private static final int DEF_REFRESH_IN_SEC = 0;
+ private static final int DEF_REFRESH_IN_SEC = 0;
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- private final static String PROP_BY_NAME =
- "byName";
- private final static String PROP_WAIT_ON_CRL_UPDATE =
- "waitOnCRLUpdate";
+ private final static String PROP_BY_NAME =
+ "byName";
+ private final static String PROP_WAIT_ON_CRL_UPDATE =
+ "waitOnCRLUpdate";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ "includeNextUpdate";
protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>();
protected boolean mNotFoundGood = true;
@@ -123,19 +121,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
public DefStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector<String> v = new Vector<String>();
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector<String> v = new Vector<String>();
v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
@@ -170,8 +168,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
initWebGateway();
/**
- DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
- t.start();
+ * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
+ * t.start();
**/
// deleteOldCRLs();
}
@@ -180,7 +178,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* init web gateway - just gets the ee gateway for this CA.
*/
private void initWebGateway()
- throws EBaseException {
+ throws EBaseException {
}
public IRepositoryRecord createRepositoryRecord() {
@@ -222,20 +220,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
/**
- * This store will not delete the old CRL until the
+ * This store will not delete the old CRL until the
* new one is totally committed.
*/
public void deleteOldCRLs() throws EBaseException {
Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
"objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
+ CMS.getCRLIssuingPointRecordName(),
100);
X509CertImpl theCert = null;
ICRLIssuingPointRecord theRec = null;
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec =
- recs.nextElement();
+ ICRLIssuingPointRecord rec =
+ recs.nextElement();
deleteOldCRLsInCA(rec.getId());
}
@@ -246,7 +244,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
try {
ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord)
- readCRLIssuingPoint(caName);
+ readCRLIssuingPoint(caName);
if (cp == null)
return; // nothing to do
@@ -257,34 +255,35 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
Enumeration<IRepositoryRecord> e = searchRepository(
caName,
"(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
- thisUpdate + ")");
+ thisUpdate + ")");
while (e != null && e.hasMoreElements()) {
IRepositoryRecord r = e.nextElement();
- Enumeration<ICertRecord> recs =
- searchCertRecord(caName,
- r.getSerialNumber().toString(),
- ICertRecord.ATTR_ID + "=*");
-
- log(ILogger.LL_INFO, "remove CRL 0x" +
- r.getSerialNumber().toString(16) +
- " of " + caName);
- String rep_dn = "ou=" +
- r.getSerialNumber().toString() +
- ",cn=" + transformDN(caName) + "," +
- getBaseDN();
+ Enumeration<ICertRecord> recs =
+ searchCertRecord(caName,
+ r.getSerialNumber().toString(),
+ ICertRecord.ATTR_ID + "=*");
+
+ log(ILogger.LL_INFO, "remove CRL 0x" +
+ r.getSerialNumber().toString(16) +
+ " of " + caName);
+ String rep_dn = "ou=" +
+ r.getSerialNumber().toString() +
+ ",cn=" + transformDN(caName) + "," +
+ getBaseDN();
while (recs != null && recs.hasMoreElements()) {
- ICertRecord rec = recs.nextElement();
- String cert_dn = "cn=" +
- rec.getSerialNumber().toString() + "," + rep_dn;
+ ICertRecord rec = recs.nextElement();
+ String cert_dn = "cn=" +
+ rec.getSerialNumber().toString() + "," + rep_dn;
s.delete(cert_dn);
}
s.delete(rep_dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -297,12 +296,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public void startup() throws EBaseException {
- int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
- DEF_REFRESH_IN_SEC);
+ int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
+ DEF_REFRESH_IN_SEC);
if (refresh > 0) {
- DefStoreCRLUpdater updater =
- new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
- updater.start();
+ DefStoreCRLUpdater updater =
+ new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
+ updater.start();
}
}
@@ -324,10 +323,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request)
+ throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -339,13 +338,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
// certificate's status
Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -353,17 +352,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
- if (singleResponses.size() <= 0) {
+ if (singleResponses.size() <= 0) {
CMS.debug("DefStore: No Request Found");
log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
return null;
}
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -391,24 +390,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
ResponseData rd = new ResponseData(rid,
new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
OCSPResponse response = new OCSPResponse(
OCSPResponseStatus.SUCCESSFUL,
new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ new OCTET_STRING(ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -435,17 +434,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
ICRLIssuingPointRecord theRec = null;
byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
CRLIPContainer matched = (CRLIPContainer)
- mCacheCRLIssuingPoints.get(new String(keyhsh));
+ mCacheCRLIssuingPoints.get(new String(keyhsh));
if (matched == null) {
Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
"objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
+ CMS.getCRLIssuingPointRecordName(),
100);
while (recs.hasMoreElements()) {
ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
- recs.nextElement();
+ recs.nextElement();
byte certdata[] = rec.getCACert();
X509CertImpl cert = null;
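Review bot: `mCacheCRLIssuingPoints.get(new String(keyhsh))` turns the raw issuer key hash into a map key using the JVM's default charset, so the key depends on the platform encoding. Under a charset such as UTF-8, byte sequences that are not valid text are replaced during decoding, so distinct hashes can collapse to the same string. For an OCSP responder that could match a request to the cached issuing point of a different issuer. A lossless encoding avoids this, for example `mCacheCRLIssuingPoints.get(new BigInteger(1, keyhsh).toString(16))`, with the same change for `new String(digest)` at the `put` in the next hunk. The method containing this lookup starts and ends outside the hunk.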
@@ -468,15 +467,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
byte crldata[] = rec.getCRL();
if (rec.getCRLCache() == null) {
- CMS.debug("DefStore: start building x509 crl impl");
- try {
- theCRL = new X509CRLImpl(crldata);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
- }
- CMS.debug("DefStore: done building x509 crl impl");
+ CMS.debug("DefStore: start building x509 crl impl");
+ try {
+ theCRL = new X509CRLImpl(crldata);
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
+ }
+ CMS.debug("DefStore: done building x509 crl impl");
} else {
- CMS.debug("DefStore: using crl cache");
+ CMS.debug("DefStore: using crl cache");
}
mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
break;
@@ -524,25 +523,25 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: evaluating crl cache");
Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
if (cache != null) {
- RevokedCertificate rc = (RevokedCertificate)
- cache.get(new BigInteger(serialNo.toString()));
- if (rc == null) {
- if (isNotFoundGood()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ RevokedCertificate rc = (RevokedCertificate)
+ cache.get(new BigInteger(serialNo.toString()));
+ if (rc == null) {
+ if (isNotFoundGood()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
- } else {
-
+ } else {
+
certStatus = new RevokedInfo(
- new GeneralizedTime(
- rc.getRevocationDate()));
- }
+ new GeneralizedTime(
+ rc.getRevocationDate()));
+ }
}
}
-
+
} else {
- CMS.debug("DefStore: evaluating x509 crl impl");
+ CMS.debug("DefStore: evaluating x509 crl impl");
X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
if (crlentry == null) {
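Review bot: In the CRL-cache branch, `if (cache != null) { ... }` has no `else`, so when `getCRLCacheNoClone()` returns null `certStatus` keeps whatever value it was initialised with. The declaration is outside the hunk, and that value presumably goes straight into the `SingleResponse` returned further down. An explicit fallback keeps the answer well defined: `} else { certStatus = new UnknownInfo(); }`. The enclosing method begins before this hunk and continues after it.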
@@ -555,7 +554,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
crlentry.getRevocationDate()));
-
+
}
}
return new SingleResponse(cid, certStatus, thisUpdate,
@@ -580,17 +579,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
return mDBService.getBaseDN();
}
- public Enumeration<ICRLIssuingPointRecord > searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
+ throws EBaseException {
return searchCRLIssuingPointRecord(
"objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
+ CMS.getCRLIssuingPointRecordName(),
maxSize);
}
public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ int maxSize)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration<ICRLIssuingPointRecord> e = null;
@@ -604,20 +603,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public synchronized void modifyCRLIssuingPointRecord(String name,
- ModificationSet mods) throws EBaseException {
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ transformDN(name) + "," + getBaseDN();
s.modify(dn, mods);
} catch (EBaseException e) {
- CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
- CMS.debug(e);
- throw e;
+ CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
+ CMS.debug(e);
+ throw e;
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
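Review bot: The reformatted `finally` now spreads `if (s != null)` and `s.close();` over two lines without braces, which makes it easy for a later edit to add a second statement that runs unconditionally; `if (s != null) { s.close(); }` would be safer. The same two-line form is introduced in readCRLIssuingPoint, deleteCRLIssuingPointRecord, modifyCertRecord and readCertRecord in the following hunks. Separately, `s.modify(dn, mods)` is called here without the null check that `finally` applies to `s`, so either the check is unnecessary or the call needs the same guard.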
@@ -625,42 +625,45 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Returns an issuing point.
*/
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICRLIssuingPointRecord rec = null;
try {
String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICRLIssuingPointRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
+ String name, BigInteger crlNumber,
+ Long crlSize, Date thisUpdate, Date nextUpdate) {
return CMS.createCRLIssuingPointRecord(
name, crlNumber, crlSize, thisUpdate, nextUpdate);
}
- public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
+ public void deleteCRLIssuingPointRecord(String id)
+ throws EBaseException {
IDBSSession s = null;
try {
s = mDBService.createSession();
- String name = "cn=" + transformDN(id) + "," + getBaseDN();
+ String name = "cn=" + transformDN(id) + "," + getBaseDN();
CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
- if (s != null) s.delete(name);
+ if (s != null)
+ s.delete(name);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -668,12 +671,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ transformDN(name) + "," + getBaseDN();
s.add(dn, (ICRLIssuingPointRecord) rec);
} finally {
@@ -683,7 +686,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration<IRepositoryRecord> searchRepository(String name, String filter)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration<IRepositoryRecord> e = null;
@@ -701,13 +704,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
String dn = "ou=" + thisUpdate + ",cn=" +
- transformDN(name) + "," + getBaseDN();
+ transformDN(name) + "," + getBaseDN();
s.add(dn, rec);
} finally {
@@ -717,22 +720,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public void modifyCertRecord(String name, String thisUpdate,
- String sno,
- ModificationSet mods) throws EBaseException {
+ String sno,
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ ",cn=" + transformDN(name) + "," + getBaseDN();
- if (s != null) s.modify(dn, mods);
+ if (s != null)
+ s.modify(dn, mods);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
public Enumeration<ICertRecord> searchCertRecord(String name, String thisUpdate,
- String filter) throws EBaseException {
+ String filter) throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration<ICertRecord> e = null;
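Review bot: The DN in modifyCertRecord is built as `"cn=" + sno + ",ou=" + thisUpdate + ",cn=" + transformDN(name) + "," + getBaseDN()`, and only `name` passes through `transformDN`; `sno` and `thisUpdate` are concatenated as given. If either value can carry DN metacharacters such as `,`, `=` or `+`, the operation could address a different entry than intended. Whether callers restrict these to serial numbers and timestamps is not visible here, so I would either validate them in this method or state the assumption in a comment, e.g. `// sno and thisUpdate must be numeric; they are not DN-escaped`. readCertRecord, addCertRecord and addRepository in the neighbouring hunks build their DNs the same way.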
@@ -748,20 +753,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public ICertRecord readCertRecord(String name, String thisUpdate,
- String sno)
- throws EBaseException {
+ String sno)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICertRecord rec = null;
try {
String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ ",cn=" + transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICertRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
@@ -770,13 +776,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addCertRecord(String name, String thisUpdate,
- String sno, ICertRecord rec)
- throws EBaseException {
+ String sno, ICertRecord rec)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ ",cn=" + transformDN(name) + "," + getBaseDN();
s.add(dn, rec);
} finally {
@@ -785,26 +791,26 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
- params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
- return params;
+ mConfig.getString("class"));
+ params.add(PROP_NOT_FOUND_GOOD,
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ params.add(PROP_BY_NAME,
+ mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_INCLUDE_NEXT_UPDATE,
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ return params;
} catch (Exception e) {
return null;
}
}
- public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ public void setConfigParameters(NameValuePairs pairs)
+ throws EBaseException {
Enumeration<String> k = pairs.getNames();
while (k.hasMoreElements()) {
@@ -821,8 +827,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: Ready to update Issuer");
try {
- if (!((X509CRLImpl)crl).areEntriesIncluded())
- crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded());
+ if (!((X509CRLImpl) crl).areEntriesIncluded())
+ crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
} catch (Exception e) {
CMS.debug(e);
}
@@ -832,51 +838,51 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (crl.getThisUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
- Modification.MOD_REPLACE, crl.getThisUpdate());
+ Modification.MOD_REPLACE, crl.getThisUpdate());
if (crl.getNextUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
- Modification.MOD_REPLACE, crl.getNextUpdate());
+ Modification.MOD_REPLACE, crl.getNextUpdate());
if (mUseCache) {
- if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) {
- mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
- Modification.MOD_REPLACE,
- ((X509CRLImpl)crl).getListOfRevokedCertificates());
- }
+ if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
+ mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
+ Modification.MOD_REPLACE,
+ ((X509CRLImpl) crl).getListOfRevokedCertificates());
+ }
}
if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(0));
+ Modification.MOD_REPLACE, Long.valueOf(0));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
+ Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
}
- BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber();
+ BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
if (crlNumber == null) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, new BigInteger("-1"));
+ Modification.MOD_REPLACE, new BigInteger("-1"));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, crlNumber);
+ Modification.MOD_REPLACE, crlNumber);
}
try {
mods.add(ICRLIssuingPointRecord.ATTR_CRL,
- Modification.MOD_REPLACE, crl.getEncoded());
+ Modification.MOD_REPLACE, crl.getEncoded());
} catch (Exception e) {
// ignore
}
- CMS.debug("DefStore: ready to CRL update " +
- crl.getIssuerDN().getName());
+ CMS.debug("DefStore: ready to CRL update " +
+ crl.getIssuerDN().getName());
modifyCRLIssuingPointRecord(
- crl.getIssuerDN().getName(), mods);
- CMS.debug("DefStore: done CRL update " +
- crl.getIssuerDN().getName());
+ crl.getIssuerDN().getName(), mods);
+ CMS.debug("DefStore: done CRL update " +
+ crl.getIssuerDN().getName());
// update cache
mCacheCRLIssuingPoints.clear();
- log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
- " thisUpdate=" + crl.getThisUpdate() +
- " nextUpdate=" + crl.getNextUpdate());
+ log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
+ " thisUpdate=" + crl.getThisUpdate() +
+ " nextUpdate=" + crl.getNextUpdate());
} finally {
mStateCount--;
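Review bot: The `catch (Exception e) { // ignore }` around `mods.add(ICRLIssuingPointRecord.ATTR_CRL, Modification.MOD_REPLACE, crl.getEncoded())` drops an encoding failure silently. The record would then be modified with the new thisUpdate, nextUpdate and CRL number but without the new CRL bytes, while the log line still says "Finish Committing CRL". At minimum the failure should be recorded with `CMS.debug(e);`, and preferably the update should stop before `modifyCRLIssuingPointRecord` so the stored dates and the stored CRL cannot disagree. The method starts outside this hunk, so its declared exceptions are not visible.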
@@ -889,7 +895,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
-
class DeleteOldCRLsThread extends Thread {
private DefStore mDefStore = null;
@@ -905,7 +910,6 @@ class DeleteOldCRLsThread extends Thread {
}
}
-
class CRLIPContainer {
private ICRLIssuingPointRecord mRec = null;
private X509CertImpl mCert = null;
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
index 5e4e6566..83ec664b 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
* This is the LDAP OCSP store. It reads CA certificate and
* revocation list attributes from the CA entry.
- *
+ *
* @version $Revision$, $Date$
*/
public class LDAPStore implements IDefStore, IExtendedPluginInfo {
@@ -93,8 +91,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
private static final String PROP_PORT = "port";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
- private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ private final static String PROP_INCLUDE_NEXT_UPDATE =
+ "includeNextUpdate";
private IOCSPAuthority mOCSPAuthority = null;
private IConfigStore mConfig = null;
@@ -111,8 +109,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public LDAPStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector v = new Vector();
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector v = new Vector();
v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
@@ -121,33 +119,33 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
- return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
+ return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
/**
* Fetch CA certificate and CRL from LDAP server.
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
- mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
+ mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
DEF_CA_CERT_ATTR);
mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-
+
}
/**
* Locates the CA certificate.
*/
- public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
+ LDAPSearchResults results = conn.search(baseDN,
+ LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
null, false);
if (!results.hasMoreElements()) {
@@ -166,8 +164,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return caCert;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCACert " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
}
return null;
}
@@ -175,11 +173,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Locates the CRL.
*/
- public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
+ LDAPSearchResults results = conn.search(baseDN,
+ LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
null, false);
if (!results.hasMoreElements()) {
@@ -198,21 +196,20 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return crl;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCRL " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
}
return null;
}
- public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
- throws EBaseException {
+ public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
+ throws EBaseException {
X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert);
if (oldCRL != null) {
- if (oldCRL.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime()) {
- log(ILogger.LL_INFO,
- "LDAPStore: no update, received CRL is older than current CRL");
+ if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate().getTime()) {
+ log(ILogger.LL_INFO,
+ "LDAPStore: no update, received CRL is older than current CRL");
return; // no update
}
}
@@ -240,8 +237,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
CRLUpdater updater = new CRLUpdater(
this, c, baseDN,
- mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
- DEF_REFRESH_IN_SEC));
+ mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
+ DEF_REFRESH_IN_SEC));
updater.start();
}
@@ -265,10 +262,10 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request)
+ throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -279,13 +276,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req =
+ tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -293,12 +290,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -323,14 +320,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
- ResponseData rd = new ResponseData(rid,
+ ResponseData rd = new ResponseData(rid,
new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
@@ -338,13 +335,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
long signEndTime = CMS.getCurrentDate().getTime();
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL,
+ new ResponseBytes(ResponseBytes.OCSP_BASIC,
+ new OCTET_STRING(ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -375,8 +372,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec)
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
@@ -389,12 +386,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ throws EBaseException {
Vector recs = new Vector();
Enumeration keys = mCRLs.keys();
@@ -408,25 +405,25 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ int maxSize)
+ throws EBaseException {
return null;
}
public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
+ String name, BigInteger crlNumber,
+ Long crlSize, Date thisUpdate, Date nextUpdate) {
return null;
}
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
- throw new EBaseException("NOT SUPPORTED");
+ throws EBaseException {
+ throw new EBaseException("NOT SUPPORTED");
}
public boolean isNotFoundGood() {
@@ -439,7 +436,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public boolean includeNextUpdate() throws EBaseException {
return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
- }
+ }
public boolean isNotFoundGood1() throws EBaseException {
return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
@@ -470,7 +467,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
X509Key key = (X509Key) caCert.getPublicKey();
- if( key == null ) {
+ if (key == null) {
System.out.println("LDAPStore::processRequest - key is null!");
return null;
}
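Review bot: `System.out.println("LDAPStore::processRequest - key is null!");` writes to standard output rather than the debug log the rest of the class uses, so this failure will not appear next to the other OCSP diagnostics. `CMS.debug("LDAPStore::processRequest - key is null!");` would match the surrounding code. processRequest starts and ends outside the hunk.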
@@ -508,55 +505,55 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
cid.getSerialNumber());
if (entry == null) {
- if (isNotFoundGood1()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ if (isNotFoundGood1()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
entry.getRevocationDate()));
}
-
+
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
/**
* Provides configuration parameters.
*/
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
+ params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
+ mConfig.getString("class"));
int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
params.add(PROP_NUM_CONNS, Integer.toString(num));
for (int i = 0; i < num; i++) {
- params.add(PROP_HOST + Integer.toString(i),
- mConfig.getString(PROP_HOST +
- Integer.toString(i), ""));
- params.add(PROP_PORT + Integer.toString(i),
- mConfig.getString(PROP_PORT +
- Integer.toString(i), "389"));
- params.add(PROP_BASE_DN + Integer.toString(i),
- mConfig.getString(PROP_BASE_DN +
- Integer.toString(i), ""));
- params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
- mConfig.getString(PROP_REFRESH_IN_SEC +
- Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
+ params.add(PROP_HOST + Integer.toString(i),
+ mConfig.getString(PROP_HOST +
+ Integer.toString(i), ""));
+ params.add(PROP_PORT + Integer.toString(i),
+ mConfig.getString(PROP_PORT +
+ Integer.toString(i), "389"));
+ params.add(PROP_BASE_DN + Integer.toString(i),
+ mConfig.getString(PROP_BASE_DN +
+ Integer.toString(i), ""));
+ params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
+ mConfig.getString(PROP_REFRESH_IN_SEC +
+ Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
}
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_CA_CERT_ATTR,
- mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
+ params.add(PROP_BY_NAME,
+ mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_CA_CERT_ATTR,
+ mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
params.add(PROP_CRL_ATTR,
- mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
+ mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
return params;
} catch (Exception e) {
return null;
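Review bot: `PROP_NOT_FOUND_GOOD` defaults to `"true"` in getConfigParameters, and the `entry == null` branch at the top of this hunk returns `GoodInfo` when `isNotFoundGood1()` is true, so a serial number that is simply absent from the CRL is answered as good. That includes serials the CA never issued, which relying parties may not expect from a "good" status. A comment on the parameter would make the trade-off explicit, e.g. `// notFoundAsGood=true: any serial not on the CRL is reported good, including serials never issued by this CA`. The method holding the `entry == null` branch begins before this hunk.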
@@ -564,7 +561,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ throws EBaseException {
Enumeration k = pairs.getNames();
while (k.hasMoreElements()) {
@@ -575,15 +572,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
-
class CRLUpdater extends Thread {
private LDAPConnection mC = null;
private String mBaseDN = null;
private int mSec = 0;
private LDAPStore mStore = null;
- public CRLUpdater(LDAPStore store, LDAPConnection c,
- String baseDN, int sec) {
+ public CRLUpdater(LDAPStore store, LDAPConnection c,
+ String baseDN, int sec) {
mC = c;
mSec = sec;
mBaseDN = baseDN;
@@ -608,7 +604,6 @@ class CRLUpdater extends Thread {
}
}
-
class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
/**
*
@@ -739,7 +734,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
return null;
}
- public void set(String name, Object obj)throws EBaseException {
+ public void set(String name, Object obj) throws EBaseException {
}
public Object get(String name) throws EBaseException {
@@ -747,7 +742,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
}
public void delete(String name) throws EBaseException {
-
+
}
public Enumeration getElements() {
diff --git a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
index 4d59f34e..d0b596c5 100644
--- a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
+++ b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
@@ -17,16 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.password;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.password.EPasswordCheckException;
import com.netscape.certsrv.password.IConfigPasswordCheck;
import com.netscape.certsrv.password.IPasswordCheck;
-
/**
* This class checks the given password if it meets the specific requirements.
- * For example, it can also specify the format of the password which has to
+ * For example, it can also specify the format of the password which has to
* be 8 characters long and must be in alphanumeric.
* <P>
*
@@ -75,9 +73,10 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
/**
* Returns true if the given password meets the quality requirement;
* otherwise returns false.
+ *
* @param mPassword The given password being checked.
* @return true if the password meets the quality requirement; otherwise
- * returns false.
+ * returns false.
*/
public boolean isGoodPassword(String mPassword) {
if (mPassword == null || mPassword.length() == 0) {
@@ -96,6 +95,7 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
/**
* Returns a reason if the password doesnt meet the quality requirement.
+ *
* @return string as a reason if the password quality requirement is not met.
*/
public String getReason(String mPassword) {
@@ -113,4 +113,3 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
index d9a527d6..1c43d92d 100644
--- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy;
-
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
@@ -42,16 +41,16 @@ import com.netscape.certsrv.request.AgentApprovals;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
-
/**
* The abstract policy rule that concrete implementations will
* extend.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -68,15 +67,16 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Initializes the policy rule.
* <P>
- *
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public abstract void init(ISubsystem owner, IConfigStore config)
- throws EBaseException;
+ throws EBaseException;
/**
* Gets the description for this policy rule.
* <P>
+ *
* @return The Description for this rule.
*/
public String getDescription() {
@@ -86,8 +86,8 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Sets a predicate expression for rule matching.
* <P>
- *
- * @param exp The predicate expression for the rule.
+ *
+ * @param exp The predicate expression for the rule.
*/
public void setPredicate(IExpression exp) {
mFilterExp = exp;
@@ -96,7 +96,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the predicate expression for the rule.
* <P>
- *
+ *
* @return The predicate expression for the rule.
*/
public IExpression getPredicate() {
@@ -106,7 +106,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the name of the policy rule.
* <P>
- *
+ *
* @return The name of the policy class.
*/
public String getName() {
@@ -114,45 +114,45 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Sets the instance name for a policy rule.
+ * Sets the instance name for a policy rule.
* <P>
- *
- * @param instanceName The name of the rule instance.
+ *
+ * @param instanceName The name of the rule instance.
*/
- public void setInstanceName(String instanceName) {
+ public void setInstanceName(String instanceName) {
mInstanceName = instanceName;
}
/**
* Returns the name of the policy rule instance.
* <P>
- *
+ *
* @return The name of the policy rule instance if set, else
- * the name of the rule class.
+ * the name of the rule class.
*/
- public String getInstanceName() {
+ public String getInstanceName() {
return mInstanceName != null ? mInstanceName : NAME;
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public abstract PolicyResult apply(IRequest req);
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getInstanceParams();
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getDefaultParams();
@@ -161,8 +161,8 @@ public abstract class APolicyRule implements IPolicyRule {
setPolicyException(req, format, params);
}
- public void setError(IRequest req, String format, String arg1,
- String arg2) {
+ public void setError(IRequest req, String format, String arg1,
+ String arg2) {
Object[] np = new Object[2];
np[0] = arg1;
@@ -189,7 +189,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* determines whether a DEFERRED policy result should be returned
- * by checking the contents of the AgentApprovals attribute. This
+ * by checking the contents of the AgentApprovals attribute. This
* call should be used by policy modules instead of returning
* PolicyResult.DEFERRED directly.
* <p>
@@ -223,12 +223,12 @@ public abstract class APolicyRule implements IPolicyRule {
}
}
- public void setPolicyException(IRequest req, String format,
- Object[] params) {
- if (format == null)
+ public void setPolicyException(IRequest req, String format,
+ Object[] params) {
+ if (format == null)
return;
- EPolicyException ex;
+ EPolicyException ex;
if (params == null)
ex = new EPolicyException(format);
@@ -247,12 +247,12 @@ public abstract class APolicyRule implements IPolicyRule {
* log a message for this policy rule.
*/
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "APolicyRule " + NAME + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+ "APolicyRule " + NAME + ": " + msg);
}
- public static KeyIdentifier createKeyIdentifier(X509Key key)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(X509Key key)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(key.getEncoded());
@@ -260,19 +260,20 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key INFO. (including algorithm ID, etc.)
* <p>
+ *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
if (certKey == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -286,23 +287,23 @@ public abstract class APolicyRule implements IPolicyRule {
}
keyId = createKeyIdentifier(key);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
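Review bot: All four catch blocks in `formSpkiSHA1KeyId` discard the caught exception: the log line carries only `NAME`, and the `EPolicyException` is built without the cause, so a key-identifier failure cannot be traced back to its reason. Record the exception before rethrowing, for example `CMS.debug("formSpkiSHA1KeyId: " + e);` at the top of each catch. The three catch blocks of `formSHA1KeyId` in the later hunk of this file have the same gap. The try block opens outside this hunk.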
@@ -310,19 +311,20 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key BIT STRING.
* <p>
+ *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
if (certKey == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -341,22 +343,21 @@ public abstract class APolicyRule implements IPolicyRule {
md.update(rawKey);
keyId = new KeyIdentifier(md.digest());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
index 3aeadabe..c9e9401a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Vector;
import com.netscape.certsrv.apps.CMS;
@@ -30,24 +29,24 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* AgentPolicy is an enrollment policy wraps another policy module.
- * Requests are sent first to the contained module, but if the
- * policy indicates that the request should be deferred, a check
- * for agent approvals is done. If any are found, the request
- * is approved.
+ * Requests are sent first to the contained module, but if the
+ * policy indicates that the request should be deferred, a check
+ * for agent approvals is done. If any are found, the request
+ * is approved.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class AgentPolicy extends APolicyRule
- implements IEnrollmentPolicy {
+ implements IEnrollmentPolicy {
public AgentPolicy() {
NAME = "AgentPolicy";
DESC = "Agent Approval Policy";
@@ -56,19 +55,15 @@ public class AgentPolicy extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=AgentPolicy
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- * ra.Policy.rule.<ruleName>.class=xxxx
- * ra.Policy.rule.<ruleName>.params.*
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=AgentPolicy ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com ra.Policy.rule.<ruleName>.class=xxxx ra.Policy.rule.<ruleName>.params.*
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Create subordinate object
String className = (String) config.get("class");
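Review bot: The reflowed Javadoc of `init` now runs the five sample `ra.Policy.rule.<ruleName>.*` entries together on one line, which makes the configuration example hard to read in the source and in generated documentation. Put the entries back one per line inside a `<PRE>` block, as the class comment already does for its NOTE, and write the placeholder as `&lt;ruleName&gt;` so Javadoc does not take it for an HTML tag. The same collapse appears in the `init` Javadoc of DSAKeyConstraints and DefaultRevocation further down. The body of `init` continues outside this hunk.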
@@ -79,14 +74,14 @@ public class AgentPolicy extends APolicyRule
try {
@SuppressWarnings("unchecked")
- Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
+ Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
Object o = c.newInstance();
if (!(o instanceof APolicyRule)) {
throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
- getInstanceName(), className));
+ CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
+ getInstanceName(), className));
}
APolicyRule pr = (APolicyRule) o;
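Review bot: The class named by the `class` config entry is instantiated before anything checks that it is an `APolicyRule`: the cast to `Class<APolicyRule>` is unchecked and erased at runtime, so `c.newInstance()` runs the constructor of whatever class the configuration names and the `instanceof` test only happens afterwards. Narrowing the type first, `Class<? extends APolicyRule> c = Class.forName(className).asSubclass(APolicyRule.class);`, rejects a wrong class before any instance is created and makes the `@SuppressWarnings("unchecked")` unnecessary. `asSubclass` throws `ClassCastException`, so the catch that follows (outside this hunk) would have to map it to the existing `CMS_POLICY_INVALID_POLICY_CLASS` error. The try block starts and ends outside the hunk.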
@@ -100,7 +95,7 @@ public class AgentPolicy extends APolicyRule
System.err.println("Agent Policy Error: " + e);
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR",
- getInstanceName(), className));
+ getInstanceName(), className));
}
}
}
@@ -108,8 +103,8 @@ public class AgentPolicy extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -144,7 +139,7 @@ public class AgentPolicy extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector<String> getInstanceParams() {
@@ -153,13 +148,12 @@ public class AgentPolicy extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector<String> getDefaultParams() {
return null;
}
- APolicyRule mPolicy = null;
+ APolicyRule mPolicy = null;
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
index 90e81ed4..93327445 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -44,20 +43,20 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This checks if attribute present.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AttributePresentConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class AttributePresentConstraints extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_ENABLED = "enabled";
protected static final String PROP_LDAP = "ldap";
@@ -82,42 +81,42 @@ public class AttributePresentConstraints extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
- DEF_ATTR + ")",
+ DEF_ATTR + ")",
PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
- "match this value for the request to proceed ",
+ "match this value for the request to proceed ",
PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here",
PROP_LDAP_HOST + ";string,required;" +
- "LDAP host to connect to",
+ "LDAP host to connect to",
PROP_LDAP_PORT + ";number,required;" +
- "LDAP port number (use 389, or 636 if SSL)",
+ "LDAP port number (use 389, or 636 if SSL)",
PROP_LDAP_SSL + ";boolean;" +
- "Use SSL to connect to directory?",
+ "Use SSL to connect to directory?",
PROP_LDAP_VER + ";choice(3,2),required;" +
- "LDAP protocol version",
+ "LDAP protocol version",
PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
- "For example 'CN=Pincheck User'",
+ "For example 'CN=Pincheck User'",
PROP_LDAP_PW + ";password;Enter password used to bind as " +
- "the above user",
+ "the above user",
PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
- "How to bind to the directory",
+ "How to bind to the directory",
PROP_LDAP_CERT + ";string;If you want to use " +
- "SSL client auth to the directory, set the client " +
- "cert nickname here",
+ "SSL client auth to the directory, set the client " +
+ "cert nickname here",
PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here",
PROP_LDAP_MINC + ";number;number of connections " +
- "to keep open to directory server. Default " + DEF_LDAP_MINC,
+ "to keep open to directory server. Default " + DEF_LDAP_MINC,
PROP_LDAP_MAXC + ";number;when needed, connection " +
- "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
+ "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-pinpresent",
+ ";configuration-policyrules-pinpresent",
IExtendedPluginInfo.HELP_TEXT +
- ";" + DESC + " This plugin can be used to " +
- "check the presence (and, optionally, the value) of any LDAP " +
- "attribute for the user. "
+ ";" + DESC + " This plugin can be used to " +
+ "check the presence (and, optionally, the value) of any LDAP " +
+ "attribute for the user. "
};
return params;
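Review bot: `getExtendedPluginInfo` lists the `PROP_LDAP_BASE` entry twice, once after `PROP_VALUE` and again after `PROP_LDAP_CERT`, with identical text, so the second copy can be dropped. The closing brace of the method is outside this hunk.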
@@ -179,9 +178,9 @@ public class AttributePresentConstraints extends APolicyRule
protected static final String PROP_VALUE = "value";
protected static final String DEF_VALUE = "";
- protected static Vector<String> mParamNames;
+ protected static Vector<String> mParamNames;
protected static Hashtable<String, Object> mParamDefault;
- protected Hashtable<String, Object> mParamValue = null;
+ protected Hashtable<String, Object> mParamValue = null;
static {
mParamNames = new Vector<String>();
@@ -200,7 +199,7 @@ public class AttributePresentConstraints extends APolicyRule
addParam(PROP_ATTR, DEF_ATTR);
addParam(PROP_VALUE, DEF_VALUE);
};
-
+
protected static void addParam(String name, Object value) {
mParamNames.addElement(name);
mParamDefault.put(name, value);
@@ -209,8 +208,8 @@ public class AttributePresentConstraints extends APolicyRule
protected void getStringConfigParam(IConfigStore config, String paramName) {
try {
mParamValue.put(
- paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
- );
+ paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
+ );
} catch (Exception e) {
}
}
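Review bot: The empty `catch (Exception e)` in `getStringConfigParam` hides a failed or malformed config read and leaves `mParamValue` without the key, so later lookups such as `(String) mParamValue.get(PROP_ATTR)` yield null with no trace of why. Log the failure at least, e.g. `log(ILogger.LL_FAILURE, paramName + ": " + e);`, or let `init` fail so the rule does not run with a partial configuration. `getIntConfigParam` and `getBooleanConfigParam` in the next two hunks have the same empty catch.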
@@ -218,12 +217,12 @@ public class AttributePresentConstraints extends APolicyRule
protected void getIntConfigParam(IConfigStore config, String paramName) {
try {
mParamValue.put(
- paramName, Integer.valueOf(
- config.getInteger(paramName,
- ((Integer) mParamDefault.get(paramName)).intValue()
- )
- )
- );
+ paramName, Integer.valueOf(
+ config.getInteger(paramName,
+ ((Integer) mParamDefault.get(paramName)).intValue()
+ )
+ )
+ );
} catch (Exception e) {
}
}
@@ -231,18 +230,18 @@ public class AttributePresentConstraints extends APolicyRule
protected void getBooleanConfigParam(IConfigStore config, String paramName) {
try {
mParamValue.put(
- paramName, Boolean.valueOf(
- config.getBoolean(paramName,
- ((Boolean) mParamDefault.get(paramName)).booleanValue()
- )
- )
- );
+ paramName, Boolean.valueOf(
+ config.getBoolean(paramName,
+ ((Boolean) mParamDefault.get(paramName)).booleanValue()
+ )
+ )
+ );
} catch (Exception e) {
}
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mParamValue = new Hashtable<String, Object>();
@@ -277,7 +276,7 @@ public class AttributePresentConstraints extends APolicyRule
String requestType = r.getRequestType();
if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ requestType.equals(IRequest.RENEWAL_REQUEST)) {
String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
@@ -291,10 +290,10 @@ public class AttributePresentConstraints extends APolicyRule
try {
String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
- LDAPSearchResults searchResult =
- mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
-
+ LDAPSearchResults searchResult =
+ mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
+
if (!searchResult.hasMoreElements()) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
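Review bot: The search filter is built by concatenation, `"(uid=" + uid + ")"`, and `uid` is read from the request's HTTP parameters just above this hunk, so filter metacharacters in it change which entries the search matches, and the first entry returned is the one the attribute check runs against. Escape the value per RFC 4515 (backslash, `*`, `(`, `)` and NUL) before it goes into the filter; a small private helper for that is sketched below. The enclosing `apply` method starts and ends outside the hunk, so whether `uid` is validated earlier cannot be seen from here.

```java
// … unchanged: attrs array …
LDAPSearchResults searchResult =
        mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
                LDAPv2.SCOPE_SUB, "(uid=" + escapeFilterValue(uid) + ")", attrs, false);
// … unchanged: result handling …

/** Escapes the characters that RFC 4515 reserves inside a filter assertion value. */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char ch = value.charAt(i);
        switch (ch) {
        case '\\':
            sb.append("\\5c");
            break;
        case '*':
            sb.append("\\2a");
            break;
        case '(':
            sb.append("\\28");
            break;
        case ')':
            sb.append("\\29");
            break;
        case '\0':
            sb.append("\\00");
            break;
        default:
            sb.append(ch);
        }
    }
    return sb.toString();
}
```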
@@ -304,12 +303,12 @@ public class AttributePresentConstraints extends APolicyRule
LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
userdn = entry.getDN();
-
+
LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
/* if attribute not present, reject the request */
if (attr == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
@@ -331,7 +330,7 @@ public class AttributePresentConstraints extends APolicyRule
return PolicyResult.REJECTED;
}
}
-
+
CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
} catch (LDAPException e) {
@@ -344,7 +343,7 @@ public class AttributePresentConstraints extends APolicyRule
return res;
}
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
Enumeration<String> e = mParamNames.elements();
@@ -397,10 +396,11 @@ public class AttributePresentConstraints extends APolicyRule
}
protected void log(int level, String msg) {
- if (mLogger == null) return;
+ if (mLogger == null)
+ return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "AttributePresentConstraints: " + msg);
+ level, "AttributePresentConstraints: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 3caee615..b9a6e24a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* DSAKeyConstraints policy enforces min and max size of the key.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class DSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private int mMinSize;
private int mMaxSize;
@@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule
defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
}
-
+
public DSAKeyConstraints() {
NAME = "DSAKeyConstraints";
DESC = "Enforces DSA Key Constraints.";
@@ -84,9 +83,9 @@ public class DSAKeyConstraints extends APolicyRule
PROP_MIN_SIZE + ";number;Minimum key size",
PROP_MAX_SIZE + ";number;Maximum key size",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-dsakeyconstraints",
+ ";configuration-policyrules-dsakeyconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Rejects request if DSA key size is out of range"
+ ";Rejects request if DSA key size is out of range"
};
return params;
@@ -95,18 +94,13 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
- * The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=1024
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ *
+ * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=1024 ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get Min and Max sizes
mConfig = config;
@@ -120,34 +114,34 @@ public class DSAKeyConstraints extends APolicyRule
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MAX_SIZE, msg));
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_MAX_SIZE, msg));
}
if (mMinSize < DEF_MIN_SIZE) {
String msg = "cannot be less than " + DEF_MIN_SIZE;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_MIN_SIZE, msg));
}
-
+
config.putInteger(PROP_MIN_SIZE, mMinSize);
config.putInteger(PROP_MAX_SIZE, mMaxSize);
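Review bot: The two increment checks in `init` both test `mMaxSize % INCREMENT`, so `mMinSize` is never checked against the increment even though the second block logs `PROP_MIN_SIZE`. The second condition should read `if (mMinSize % INCREMENT != 0) {`, and the user message in the first block should name the property it logs, `PROP_MAX_SIZE, msg));`. As written, a minimum size that is not a multiple of the increment passes these checks and is written back with `config.putInteger`. The method starts before this hunk.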
@@ -160,8 +154,8 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -171,7 +165,7 @@ public class DSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
X509CertInfo ci[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (ci == null || ci[0] == null) {
@@ -182,19 +176,19 @@ public class DSAKeyConstraints extends APolicyRule
// Else check if the key size(s) are within the limit.
for (int i = 0; i < ci.length; i++) {
CertificateX509Key certKey = (CertificateX509Key)
- ci[i].get(X509CertInfo.KEY);
+ ci[i].get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
if (!alg.equalsIgnoreCase(DSA))
continue;
- // Check DSAKey parameters.
- // size refers to the p parameter.
+ // Check DSAKey parameters.
+ // size refers to the p parameter.
DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
DSAParams keyParams = dsaKey.getParams();
- if (keyParams == null) {
+ if (keyParams == null) {
// key parameters could not be parsed.
Object[] params = new Object[] {
getInstanceName(), String.valueOf(i + 1) };
@@ -205,11 +199,11 @@ public class DSAKeyConstraints extends APolicyRule
BigInteger p = keyParams.getP();
int len = p.bitLength();
- if (len < mMinSize || len > mMaxSize ||
- (len % INCREMENT) != 0) {
- String[] parms = new String[] {
- getInstanceName(),
- String.valueOf(len),
+ if (len < mMinSize || len > mMaxSize ||
+ (len % INCREMENT) != 0) {
+ String[] parms = new String[] {
+ getInstanceName(),
+ String.valueOf(len),
String.valueOf(mMinSize),
String.valueOf(mMaxSize),
String.valueOf(INCREMENT) };
@@ -220,7 +214,7 @@ public class DSAKeyConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = { getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -230,27 +224,27 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
try {
confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
- } catch (EBaseException e) {;
+ } catch (EBaseException e) {
+ ;
}
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
index 3d4aedc3..fd143646 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -30,22 +29,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This is the default revocation policy. Currently this does
* nothing. We can later add checks like whether or not to
* revoke expired certs ..etc here.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class DefaultRevocation extends APolicyRule
- implements IRevocationPolicy, IExtendedPluginInfo {
+ implements IRevocationPolicy, IExtendedPluginInfo {
public DefaultRevocation() {
NAME = "DefaultRevocation";
DESC = "Default Revocation Policy";
@@ -54,24 +53,22 @@ public class DefaultRevocation extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=DefaultRevocation
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=DefaultRevocation ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -80,7 +77,7 @@ public class DefaultRevocation extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
@@ -89,7 +86,7 @@ public class DefaultRevocation extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -104,4 +101,3 @@ public class DefaultRevocation extends APolicyRule
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
index aed75bcd..f79688f4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -35,29 +34,29 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* IssuerConstraints is a rule for restricting the issuers of the
* certificates used for certificate-based enrollments.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
public class IssuerConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private final static String PROP_ISSUER_DN = "issuerDN";
private static final String CLIENT_ISSUER = "clientIssuer";
private X500Name mIssuerDN = null;
private String mIssuerDNString;
/**
- * checks the issuer of the ssl client-auth cert. Only one issuer
- * is allowed for now
+ * checks the issuer of the ssl client-auth cert. Only one issuer
+ * is allowed for now
*/
public IssuerConstraints() {
NAME = "IssuerConstraints";
@@ -68,10 +67,10 @@ public class IssuerConstraints extends APolicyRule
String[] params = {
PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-issuerconstraints",
+ ";configuration-policyrules-issuerconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Rejects the request if the issuer in the certificate is" +
- "not of the one specified"
+ ";Rejects the request if the issuer in the certificate is" +
+ "not of the one specified"
};
return params;
@@ -81,34 +80,35 @@ public class IssuerConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
try {
mIssuerDNString = config.getString(PROP_ISSUER_DN, null);
- if ((mIssuerDNString != null) &&
- !mIssuerDNString.equals("")) {
+ if ((mIssuerDNString != null) &&
+ !mIssuerDNString.equals("")) {
mIssuerDN = new X500Name(mIssuerDNString);
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+ log(ILogger.LL_FAILURE,
+ NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
CMS.debug(
- NAME + ": init() done");
+ NAME + ": init() done");
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
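Review bot: In init(), a missing or empty `issuerDN` is accepted without any trace: the guard `if ((mIssuerDNString != null) && !mIssuerDNString.equals(""))` only skips the assignment, so `mIssuerDN` stays null and `init() done` is still written to the debug log. The comparison `!ci_name.equals(mIssuerDN)` visible in the next hunk presumably then rejects every request, which fails closed but gives an operator nothing that points at the configuration. I would add an else branch such as `else { log(ILogger.LL_FAILURE, NAME + ": init() - " + PROP_ISSUER_DN + " is not configured"); }`, or refuse to load the rule at all. The Javadoc above init() also lacks an `@param owner` entry.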
@@ -125,82 +125,82 @@ public class IssuerConstraints extends APolicyRule
if (!ci_name.equals(mIssuerDN)) {
setError(req,
- CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
- getInstanceName()), "");
+ CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+ getInstanceName()), "");
result = PolicyResult.REJECTED;
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+ CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
CMS.debug(
- NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
+ NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
}
} else {
// Get the certificate info from the request
X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - missing certInfo");
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ log(ILogger.LL_FAILURE,
+ NAME + ": apply() - missing certInfo");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
-
+
for (int i = 0; i < certInfo.length; i++) {
String oldIssuer = (String)
- certInfo[i].get(X509CertInfo.ISSUER).toString();
-
+ certInfo[i].get(X509CertInfo.ISSUER).toString();
+
if (oldIssuer == null) {
setError(req,
- CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
- getInstanceName()), "");
+ CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
+ getInstanceName()), "");
result = PolicyResult.REJECTED;
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - client issuerDN not found");
+ log(ILogger.LL_FAILURE,
+ NAME + ": apply() - client issuerDN not found");
}
X500Name oi_name = new X500Name(oldIssuer);
if (!oi_name.equals(mIssuerDN)) {
setError(req,
- CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
- getInstanceName()), "");
+ CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+ getInstanceName()), "");
result = PolicyResult.REJECTED;
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
+ log(ILogger.LL_FAILURE,
+ NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
}
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
if (result.equals(PolicyResult.ACCEPTED)) {
- log(ILogger.LL_INFO,
- NAME + ": apply() - accepted");
+ log(ILogger.LL_INFO,
+ NAME + ": apply() - accepted");
}
return result;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_ISSUER_DN + "=" +
- mIssuerDNString);
+ mIssuerDNString);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
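Review bot: In the certInfo loop of apply(), the `if (oldIssuer == null)` branch cannot fire, because `oldIssuer` is the result of `.toString()`; a request whose cert info has no issuer would instead throw on that call and be reported through the generic catch as CMS_POLICY_UNEXPECTED_POLICY_ERROR. Even if the branch were reached, execution continues into `new X500Name(oldIssuer)` with the null value. Testing the attribute object before converting it, and returning as the `certInfo == null` branch already does, would make the "issuer not found" rejection reachable and give it its own log line; whether `get()` can return null here should be confirmed against X509CertInfo. apply() starts before this hunk and the hunk ends inside the next method.

```java
for (int i = 0; i < certInfo.length; i++) {
    Object issuerAttr = certInfo[i].get(X509CertInfo.ISSUER);

    if (issuerAttr == null) {
        setError(req,
                CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
                        getInstanceName()), "");
        log(ILogger.LL_FAILURE,
                NAME + ": apply() - client issuerDN not found");
        return PolicyResult.REJECTED;
    }
    String oldIssuer = issuerAttr.toString();
    // … unchanged: X500Name comparison against mIssuerDN …
```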
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index 8286cf31..c523ae9f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -37,43 +36,43 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* KeyAlgorithmConstraints enforces a constraint that the RA or a CA
* honor only the keys generated using one of the permitted algorithms
* such as RSA, DSA or DH.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class KeyAlgorithmConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mAlgorithms;
private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
private final static String PROP_ALGORITHMS = "algorithms";
private final static String[] supportedAlgorithms =
- {"RSA", "DSA", "DH" };
+ { "RSA", "DSA", "DH" };
private final static Vector defConfParams = new Vector();
static {
- defConfParams.addElement(PROP_ALGORITHMS + "=" +
- DEF_KEY_ALGORITHM);
+ defConfParams.addElement(PROP_ALGORITHMS + "=" +
+ DEF_KEY_ALGORITHM);
}
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
"algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-keyalgorithmconstraints",
+ ";configuration-policyrules-keyalgorithmconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Rejects the request if the key in the certificate is " +
- "not of the type specified"
+ ";Rejects the request if the key in the certificate is " +
+ "not of the type specified"
};
return params;
@@ -87,17 +86,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
- * The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
mAlgorithms = new Vector();
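Review bot: The sample configuration in the init() Javadoc has been joined into one line of more than 200 characters, so the four `ra.Policy.rule.<ruleName>.*` entries can no longer be told apart when reading the source. Put them back one per line inside a `<pre>` block, which source formatters normally leave untouched, and write the placeholder as `&lt;ruleName&gt;` so Javadoc does not treat it as an HTML tag. The same joining happens in the init() Javadoc of ManualAuthentication, RSAKeyConstraints, RenewalConstraints and RenewalValidityConstraints later in this diff. The body of init() continues outside the hunk.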
@@ -112,7 +107,7 @@ public class KeyAlgorithmConstraints extends APolicyRule
try {
algNames = config.getString(PROP_ALGORITHMS, null);
} catch (Exception e) {
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -133,11 +128,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
}
// Check if configured algorithms are supported.
- for (Enumeration e = mAlgorithms.elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) {
int i;
String configuredAlg = (String) e.nextElement();
-
+
// See if it is a supported algorithm.
for (i = 0; i < supportedAlgorithms.length; i++) {
if (configuredAlg.equals(supportedAlgorithms[i]))
@@ -148,15 +142,15 @@ public class KeyAlgorithmConstraints extends APolicyRule
if (i == supportedAlgorithms.length)
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
- getInstanceName(), configuredAlg));
+ getInstanceName(), configuredAlg));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -179,18 +173,18 @@ public class KeyAlgorithmConstraints extends APolicyRule
// Else check if the key algorithm is supported.
for (int i = 0; i < certInfo.length; i++) {
CertificateX509Key certKey = (CertificateX509Key)
- certInfo[i].get(X509CertInfo.KEY);
+ certInfo[i].get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().getName().toUpperCase();
if (!mAlgorithms.contains(alg)) {
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
+ setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
getInstanceName(), alg), "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
params), "");
@@ -201,10 +195,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector v = new Vector();
StringBuffer sb = new StringBuffer();
@@ -217,14 +211,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
return v;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
index a2bf9437..1abc5bda 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Vector;
import com.netscape.certsrv.authentication.IAuthToken;
@@ -29,23 +28,23 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* ManualAuthentication is an enrollment policy that queues
* all requests for issuing agent's approval if no authentication
* is present. The policy rejects a request if any of the auth tokens
* indicates authentication failure.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class ManualAuthentication extends APolicyRule
- implements IEnrollmentPolicy {
+ implements IEnrollmentPolicy {
public ManualAuthentication() {
NAME = "ManualAuthentication";
DESC = "Manual Authentication Policy";
@@ -54,30 +53,28 @@ public class ManualAuthentication extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ManualAuthentication
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ManualAuthentication ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
- if (authToken == null)
+ if (authToken == null)
return deferred(req);
return PolicyResult.ACCEPTED;
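Review bot: apply() does not match what the class Javadoc promises: the comment says the policy rejects a request if any auth token indicates authentication failure, but the code only tests `authToken == null` and returns `PolicyResult.ACCEPTED` for every non-null token without looking inside it. If token validity is established earlier in the request pipeline, which this diff does not show, the code should say so, for example `// A present auth token is taken as proof of authentication; its contents are not inspected here.` above the final return. Otherwise the class comment should be corrected so nobody relies on a rejection path that is not there.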
@@ -85,7 +82,7 @@ public class ManualAuthentication extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
@@ -94,11 +91,10 @@ public class ManualAuthentication extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 7f7537bf..57176950 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* RSAKeyConstraints policy enforces min and max size of the key.
* Optionally checks the exponents.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mExponents;
private int mMinSize;
private int mMaxSize;
@@ -81,10 +80,10 @@ public class RSAKeyConstraints extends APolicyRule
PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-rsakeyconstraints",
+ ";configuration-policyrules-rsakeyconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Reject request if RSA key length is not within the " +
- "specified constraints"
+ ";Reject request if RSA key length is not within the " +
+ "specified constraints"
};
return params;
@@ -98,38 +97,34 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=2048
- * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048 ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (config == null || config.size() == 0)
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
- getInstanceName()));
+ getInstanceName()));
String exponents = null;
// Get Min and Max sizes
mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
- if (mMinSize <= 0)
+ if (mMinSize <= 0)
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
- if (mMaxSize <= 0)
+ if (mMaxSize <= 0)
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
- if (mMinSize > mMaxSize)
+ if (mMinSize > mMaxSize)
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
@@ -149,8 +144,8 @@ public class RSAKeyConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), exponents,
- PROP_EXPONENTS};
+ String[] params = { getInstanceName(), exponents,
+ PROP_EXPONENTS };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
@@ -161,8 +156,8 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -172,11 +167,11 @@ public class RSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -184,7 +179,7 @@ public class RSAKeyConstraints extends APolicyRule
// Else check if the key size(s) are within the limit.
for (int i = 0; i < certInfo.length; i++) {
CertificateX509Key certKey = (CertificateX509Key)
- certInfo[i].get(X509CertInfo.KEY);
+ certInfo[i].get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
@@ -196,22 +191,22 @@ public class RSAKeyConstraints extends APolicyRule
newkey = new X509Key(AlgorithmId.get("RSA"),
key.getKey());
} catch (Exception e) {
- CMS.debug( "RSAKeyConstraints::apply() - "
- + "Exception="+e.toString() );
- setError( req,
- CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION",
- getInstanceName() ),
- "" );
+ CMS.debug("RSAKeyConstraints::apply() - "
+ + "Exception=" + e.toString());
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
+ getInstanceName()),
+ "");
return PolicyResult.REJECTED;
}
RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
int keySize = rsaKey.getKeySize();
if (keySize < mMinSize || keySize > mMaxSize) {
- String[] params = {getInstanceName(),
- String.valueOf(keySize),
+ String[] params = { getInstanceName(),
+ String.valueOf(keySize),
String.valueOf(mMinSize),
- String.valueOf(mMaxSize)};
+ String.valueOf(mMaxSize) };
setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
params), "");
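Review bot: The catch around `new X509Key(AlgorithmId.get("RSA"), key.getKey())` reports CMS_POLICY_KEY_SIZE_VIOLATION with only `getInstanceName()`, while the real size check a few lines below passes four parameters to the same message, so the user-facing text presumably comes out with unfilled placeholders. The actual cause, a key that could not be re-wrapped as RSA, reaches only `CMS.debug`, which makes this rejection hard to find when reviewing failures. I would add `log(ILogger.LL_FAILURE, NAME + ": apply() - cannot decode key as RSA: " + e.toString());` before the `setError` call and pick a message whose parameters match. apply() begins before this hunk and continues after it.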
@@ -226,15 +221,14 @@ public class RSAKeyConstraints extends APolicyRule
if (!mExponents.contains(exp)) {
StringBuffer sb = new StringBuffer();
- for (Enumeration e = mExponents.elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mExponents.elements(); e.hasMoreElements();) {
BigInt bi = (BigInt) e.nextElement();
sb.append(bi.toBigInteger().toString());
sb.append(" ");
}
- String[] params = {getInstanceName(),
- exp.toBigInteger().toString(), new String(sb)};
+ String[] params = { getInstanceName(),
+ exp.toBigInteger().toString(), new String(sb) };
setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
result = PolicyResult.REJECTED;
@@ -243,7 +237,7 @@ public class RSAKeyConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -253,10 +247,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
@@ -275,11 +269,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 08e479b8..499e2663 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -37,21 +36,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Whether to allow renewal of an expired cert.
+ *
* @version $Revision$, $Date$
- * <P>
- * <PRE>
+ * <P>
+ *
+ * <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
- * <P>
- *
+ * <P>
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RenewalConstraints extends APolicyRule
- implements IRenewalPolicy, IExtendedPluginInfo {
+ implements IRenewalPolicy, IExtendedPluginInfo {
private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter";
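Review bot: The class Javadoc carries `@version $Revision$, $Date$` twice, and the `<P>`/`<PRE>` note about the Profile Framework sits after the first one, so Javadoc reads the note as part of that tag's text rather than as part of the description. The re-indentation in this hunk now lines the note up as tag continuation, which makes the mistake look intended. Deleting the first `@version` line, so the note follows `Whether to allow renewal of an expired cert.` directly as in the sibling classes, fixes both.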
@@ -66,7 +66,7 @@ public class RenewalConstraints extends APolicyRule
static {
defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
- DEF_RENEWAL_NOT_AFTER);
+ DEF_RENEWAL_NOT_AFTER);
}
public RenewalConstraints() {
@@ -79,10 +79,10 @@ public class RenewalConstraints extends APolicyRule
PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate",
PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-renewalconstraints",
+ ";configuration-policyrules-renewalconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Permit administrator to decide policy on whether to " +
- "permit renewals for already-expired certificates"
+ ";Permit administrator to decide policy on whether to " +
+ "permit renewals for already-expired certificates"
};
return params;
@@ -92,24 +92,22 @@ public class RenewalConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and configure them.
try {
- mAllowExpiredCerts =
+ mAllowExpiredCerts =
config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
String val = config.getString(PROP_RENEWAL_NOT_AFTER, null);
- if (val == null)
+ if (val == null)
mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR;
else {
mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
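Review bot: `mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;` takes the configured day count without a range check, so a negative value or one large enough to overflow the multiplication ends up as the renewal window used by apply(). The else block continues outside the hunk, so a check may follow there; if it does not, split the statement into `long days = Long.parseLong(val);` and a guard `if (days < 0 || days > Long.MAX_VALUE / DAYS_TO_MS_FACTOR)` that raises the same configuration error as the surrounding try/catch. Two leftovers from copying are also visible: the Javadoc sample names `implName=ValidityConstraints`, and the comment `// Get min and max validity in days and configure them.` does not describe what this method reads.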
@@ -125,8 +123,8 @@ public class RenewalConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -135,25 +133,25 @@ public class RenewalConstraints extends APolicyRule
try {
// Get the certificates being renwed.
X509CertImpl[] oldCerts =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
-
+
if (mAllowExpiredCerts) {
CMS.debug("checking validity of each cert");
// check if each cert to be renewed is expired for more than // allowed days.
for (int i = 0; i < oldCerts.length; i++) {
X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(X509CertImpl.NAME + "." +
- X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
+ oldCerts[i].get(X509CertImpl.NAME + "." +
+ X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity)
+ oldCertInfo.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ oldValidity.get(CertificateValidity.NOT_AFTER);
// Is the Certificate eligible for renewal ?
@@ -166,12 +164,12 @@ public class RenewalConstraints extends APolicyRule
if (renewedNotAfter.before(now)) {
CMS.debug(
- "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
+ "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) };
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
- params), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
+ params), "");
return PolicyResult.REJECTED;
}
}
@@ -182,12 +180,12 @@ public class RenewalConstraints extends APolicyRule
// check if each cert to be renewed is expired.
for (int i = 0; i < oldCerts.length; i++) {
X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
+ oldCerts[i].get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity)
+ oldCertInfo.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ oldValidity.get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -195,19 +193,19 @@ public class RenewalConstraints extends APolicyRule
CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now);
if (notAfter.before(now)) {
CMS.debug(
- "RenewalConstraints: One or more certificates is expired.");
+ "RenewalConstraints: One or more certificates is expired.");
String params[] = { getInstanceName() };
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
- params), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
+ params), "");
result = PolicyResult.REJECTED;
break;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -217,22 +215,22 @@ public class RenewalConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(
- PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+ PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
- mRenewalNotAfter / DAYS_TO_MS_FACTOR);
+ mRenewalNotAfter / DAYS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 3d98f3c2..b3f9298c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -36,30 +35,30 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* RenewalValidityConstraints is a default rule for Certificate
* Renewal. This policy enforces the no of days before which a
* currently active certificate can be renewed and sets new validity
* period for the renewed certificate starting from the the ending
* period in the old certificate.
- *
+ *
* The main parameters are:
- *
- * The renewal leadtime in days: - i.e how many days before the
- * expiry of the current certificate can one request the renewal.
- * min and max validity duration.
+ *
+ * The renewal leadtime in days: - i.e how many days before the
+ * expiry of the current certificate can one request the renewal.
+ * min and max validity duration.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RenewalValidityConstraints extends APolicyRule
- implements IRenewalPolicy, IExtendedPluginInfo {
+ implements IRenewalPolicy, IExtendedPluginInfo {
private long mMinValidity;
private long mMaxValidity;
private long mRenewalInterval;
@@ -78,11 +77,11 @@ public class RenewalValidityConstraints extends APolicyRule
static {
defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
- DEF_MIN_VALIDITY);
+ DEF_MIN_VALIDITY);
defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
- DEF_MAX_VALIDITY);
+ DEF_MAX_VALIDITY);
defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- DEF_RENEWAL_INTERVAL);
+ DEF_RENEWAL_INTERVAL);
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -91,10 +90,10 @@ public class RenewalValidityConstraints extends APolicyRule
PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-renewalvalidityconstraints",
+ ";configuration-policyrules-renewalvalidityconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Reject renewal request if the certificate is too far " +
- "before it's expiry date"
+ ";Reject renewal request if the certificate is too far " +
+ "before it's expiry date"
};
return params;
@@ -109,20 +108,15 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minValidity=30
- * ra.Policy.rule.<ruleName>.maxValidity=180
- * ra.Policy.rule.<ruleName>.renewalInterval=15
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and onfigure them.
try {
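Review bot: The reformatted Javadoc for init() now runs the six example `ra.Policy.rule.<ruleName>.*` entries together on one line, which makes the sample configuration hard to read in source and leaves `<ruleName>` as raw markup for the Javadoc tool. I would put the entries back one per line inside `<pre>` … `</pre>`, with the placeholder written as `&lt;ruleName&gt;`, so the formatter leaves them alone. The same collapse appears in the init() Javadoc of RevocationConstraints, SigningAlgorithmConstraints and SubCANameConstraints later in this commit. The body of init() continues outside this hunk.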
@@ -148,7 +142,7 @@ public class RenewalValidityConstraints extends APolicyRule
// minValidity can't be bigger than maxValidity.
if (mMinValidity > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
@@ -158,7 +152,7 @@ public class RenewalValidityConstraints extends APolicyRule
// Renewal interval can't be more than maxValidity.
if (mRenewalInterval > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
@@ -167,7 +161,7 @@ public class RenewalValidityConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -177,8 +171,8 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -191,15 +185,15 @@ public class RenewalValidityConstraints extends APolicyRule
try {
// Get the certificate info from the request
X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
// Get the certificates being renwed.
X509CertImpl currentCerts[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
// Both certificate info and current certs should be set
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -218,12 +212,12 @@ public class RenewalValidityConstraints extends APolicyRule
// set the validity.
for (int i = 0; i < certInfo.length; i++) {
X509CertInfo oldCertInfo = (X509CertInfo)
- currentCerts[i].get(X509CertImpl.NAME +
- "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
+ currentCerts[i].get(X509CertImpl.NAME +
+ "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity)
+ oldCertInfo.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ oldValidity.get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -233,14 +227,14 @@ public class RenewalValidityConstraints extends APolicyRule
long interval = notAfter.getTime() - now.getTime();
if (interval > mRenewalInterval) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
- getInstanceName(),
- String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
- setError(req,
- CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
- getInstanceName(),
- getCertDetails(req, currentCerts[i])), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
+ getInstanceName(),
+ String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
+ getInstanceName(),
+ getCertDetails(req, currentCerts[i])), "");
result = PolicyResult.REJECTED;
setDummyValidity(certInfo[i]);
@@ -256,19 +250,19 @@ public class RenewalValidityConstraints extends APolicyRule
// If the new notAfter is within renewal interval days from
// today or already expired, set the notBefore to today.
if (renewedNotAfter.before(now) ||
- (renewedNotAfter.getTime() - now.getTime()) <=
- mRenewalInterval) {
+ (renewedNotAfter.getTime() - now.getTime()) <=
+ mRenewalInterval) {
renewedNotBef = now;
renewedNotAfter = new Date(now.getTime() +
mMaxValidity);
}
CertificateValidity newValidity =
- new CertificateValidity(renewedNotBef, renewedNotAfter);
+ new CertificateValidity(renewedNotBef, renewedNotAfter);
certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -278,24 +272,24 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_VALIDITY + "=" +
- mMinValidity / DAYS_TO_MS_FACTOR);
+ mMinValidity / DAYS_TO_MS_FACTOR);
confParams.addElement(PROP_MAX_VALIDITY + "=" +
- mMaxValidity / DAYS_TO_MS_FACTOR);
+ mMaxValidity / DAYS_TO_MS_FACTOR);
confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- mRenewalInterval / DAYS_TO_MS_FACTOR);
+ mRenewalInterval / DAYS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -306,7 +300,7 @@ public class RenewalValidityConstraints extends APolicyRule
private void setDummyValidity(X509CertInfo certInfo) {
try {
certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(CMS.getCurrentDate(), new Date()));
+ new CertificateValidity(CMS.getCurrentDate(), new Date()));
} catch (Exception e) {
}
}
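Review bot: The empty `catch (Exception e) { }` in setDummyValidity discards any failure from `certInfo.set(...)`, so a rejected renewal can keep the validity it was submitted with and nothing is recorded. The same pattern wraps `winnowByKey()` in SigningAlgorithmConstraints.getExtendedPluginInfo, where a swallowed failure may leave the static `mDefaultAllowedAlgs` null before `switch (mDefaultAllowedAlgs.length)`; the lines between those hunks are not shown, so this needs confirming. At minimum both handlers should log, for example with the `log(ILogger.LL_FAILURE, ...)` helper that SubCANameConstraints uses, assuming it is inherited from APolicyRule. getExtendedPluginInfo should also guard with `if (mDefaultAllowedAlgs == null)` before the switch.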
@@ -317,8 +311,8 @@ public class RenewalValidityConstraints extends APolicyRule
sb.append("\n");
sb.append("Serial No: " + cert.getSerialNumber().toString(16));
sb.append("\n");
- sb.append("Validity: " + cert.getNotBefore().toString() +
- " - " + cert.getNotAfter().toString());
+ sb.append("Validity: " + cert.getNotBefore().toString() +
+ " - " + cert.getNotAfter().toString());
sb.append("\n");
String certType = req.getExtDataInString(IRequest.CERT_TYPE);
@@ -326,11 +320,12 @@ public class RenewalValidityConstraints extends APolicyRule
certType = IRequest.SERVER_CERT;
if (certType.equals(IRequest.CLIENT_CERT)) {
- /*** Take this our - URL formulation hard to do here.
- sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
- sb.append("\n");
- sb.append("/query/certImport?op=displayByserial&serialNumber=");
- sb.append(cert.getSerialNumber().toString(16));
+ /***
+ * Take this our - URL formulation hard to do here.
+ * sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
+ * sb.append("\n");
+ * sb.append("/query/certImport?op=displayByserial&serialNumber=");
+ * sb.append(cert.getSerialNumber().toString(16));
***/
sb.append("\n");
} else {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index 686529f4..b18e4b7f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Whether to allow revocation of an expired cert.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RevocationConstraints extends APolicyRule
- implements IRevocationPolicy, IExtendedPluginInfo {
+ implements IRevocationPolicy, IExtendedPluginInfo {
private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
@@ -74,13 +73,13 @@ public class RevocationConstraints extends APolicyRule
PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-revocationconstraints",
+ ";configuration-policyrules-revocationconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Allow administrator to decide policy on whether to allow " +
- "recovation of expired certificates" +
- "and set reason to On-Hold"
+ ";Allow administrator to decide policy on whether to allow " +
+ "recovation of expired certificates" +
+ "and set reason to On-Hold"
- };
+ };
return params;
@@ -89,20 +88,18 @@ public class RevocationConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and onfigure them.
try {
- mAllowExpiredCerts =
+ mAllowExpiredCerts =
config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
mAllowOnHold =
config.getBoolean(PROP_ALLOW_ON_HOLD, true);
@@ -117,8 +114,8 @@ public class RevocationConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -138,35 +135,35 @@ public class RevocationConstraints extends APolicyRule
setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
return PolicyResult.REJECTED;
- }
+ }
}
if (mAllowExpiredCerts)
// nothing to check.
return PolicyResult.ACCEPTED;
-
+
PolicyResult result = PolicyResult.ACCEPTED;
try {
// Get the certificates being renwed.
X509CertImpl[] oldCerts =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
- getInstanceName());
+ getInstanceName());
return PolicyResult.REJECTED;
}
// check if each cert to be renewed is expired.
for (int i = 0; i < oldCerts.length; i++) {
X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
+ oldCerts[i].get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity)
+ oldCertInfo.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ oldValidity.get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -174,16 +171,16 @@ public class RevocationConstraints extends APolicyRule
if (notAfter.before(now)) {
String params[] = { getInstanceName() };
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
- params), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
+ params), "");
result = PolicyResult.REJECTED;
break;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
@@ -193,22 +190,22 @@ public class RevocationConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(
- PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+ PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
confParams.addElement(
- PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
+ PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 9d519284..b8ffa86e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* SigningAlgorithmConstraints enforces that only a supported
* signing algorithm be requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class SigningAlgorithmConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private String[] mAllowedAlgs = null; // algs allowed by this policy
static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key
private String[] mConfigAlgs = null; // algs listed in config file
@@ -94,17 +93,13 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
- * The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority();
// Get allowed algorithms from config file
@@ -114,7 +109,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
try {
algNames = config.getString(PROP_ALGORITHMS, null);
} catch (Exception e) {
- String[] params = {getInstanceName(), e.toString(), PROP_ALGORITHMS};
+ String[] params = { getInstanceName(), e.toString(), PROP_ALGORITHMS };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params));
@@ -136,7 +131,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
for (int i = 0; i < itemCount; i++) {
mAllowedAlgs[i] = (String) algs.elementAt(i);
}
-
+
}
}
@@ -149,8 +144,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
if (mAllowedAlgs != null) {
// winnow out unknown algorithms
- winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
- "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
+ winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
+ "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
} else {
// if nothing was in the config file, allow all known algs
mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS;
@@ -183,16 +178,16 @@ public class SigningAlgorithmConstraints extends APolicyRule
// get list of algorithms allowed for the key
String[] allowedByKey =
- ((ICertAuthority) mAuthority).getCASigningAlgorithms();
+ ((ICertAuthority) mAuthority).getCASigningAlgorithms();
if (allowedByKey != null) {
// don't show algorithms that don't match CA's key in UI.
mDefaultAllowedAlgs = new String[allowedByKey.length];
for (int i = 0; i < allowedByKey.length; i++)
mDefaultAllowedAlgs[i] = allowedByKey[i];
- // winnow out algorithms that don't match CA's signing key
+ // winnow out algorithms that don't match CA's signing key
winnowAlgs(allowedByKey,
- "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
+ "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
winnowedByKey = true;
} else {
// We don't know the CA's signing algorithms. Maybe we're
@@ -203,14 +198,14 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Winnows out of mAllowedAlgorithms those algorithms that aren't allowed
* for some reason.
- *
- * @param allowed An array of allowed algorithms. Only algorithms in this
- * list will survive the winnowing process.
+ *
+ * @param allowed An array of allowed algorithms. Only algorithms in this
+ * list will survive the winnowing process.
* @param reason A string describing the problem with an algorithm
- * that is not allowed by this list. Must be a predefined string in PolicyResources.
+ * that is not allowed by this list. Must be a predefined string in PolicyResources.
*/
- private void winnowAlgs(String[] allowed, String reason, boolean isError)
- throws EBaseException {
+ private void winnowAlgs(String[] allowed, String reason, boolean isError)
+ throws EBaseException {
int i, j, goodSize;
// validate the currently-allowed algorithms
@@ -240,7 +235,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
// convert back into an array
goodSize = goodAlgs.size();
if (mAllowedAlgs.length != goodSize) {
- mAllowedAlgs = new String[ goodSize ];
+ mAllowedAlgs = new String[goodSize];
for (i = 0; i < goodSize; i++) {
mAllowedAlgs[i] = (String) goodAlgs.elementAt(i);
}
@@ -250,8 +245,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -282,10 +277,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
- certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+ certInfo[i].get(X509CertInfo.ALGORITHM_ID);
AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ certAlgId.get(CertificateAlgorithmId.ALGORITHM);
String alg = algId.getName();
// test against the list of allowed algorithms
@@ -298,10 +293,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
// if the algor doesn't match the CA's key replace
// it with one that does.
if (mAllowedAlgs[0].equals("SHA1withDSA") ||
- alg.equals("SHA1withDSA")) {
+ alg.equals("SHA1withDSA")) {
certInfo[i].set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.get(mAllowedAlgs[0])));
+ new CertificateAlgorithmId(
+ AlgorithmId.get(mAllowedAlgs[0])));
return PolicyResult.ACCEPTED;
}
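Review bot: The `return PolicyResult.ACCEPTED;` after the algorithm substitution leaves apply() while it is still handling `certInfo[i]`, so if this sits inside the per-certificate loop (the loop header is outside the hunk), every later entry in the request skips the allowed-algorithm check. Replacing it with `continue;` would keep the substitution and still validate the remaining entries. The substitution also rewrites the requested algorithm to `mAllowedAlgs[0]` without recording it, so a comment or log line stating that the request was altered would help an auditor.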
@@ -313,9 +308,9 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
params), "");
result = PolicyResult.REJECTED;
}
@@ -324,10 +319,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
StringBuffer sb = new StringBuffer();
@@ -343,10 +338,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
StringBuffer sb = new StringBuffer();
sb.append(PROP_ALGORITHMS);
sb.append("=");
@@ -365,14 +360,14 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
defConfParams.addElement(sb.toString());
- return defConfParams;
+ return defConfParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
if (!winnowedByKey) {
- try {
- winnowByKey();
- } catch (Exception e) {
+ try {
+ winnowByKey();
+ } catch (Exception e) {
}
}
@@ -380,51 +375,51 @@ public class SigningAlgorithmConstraints extends APolicyRule
String[] params_BOTH = {
PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"+
- "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
- "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA," +
- "MD2withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,SHA1withDSA," +
- "MD5withRSA\\,SHA1withRSA," +
- "MD5withRSA\\,SHA1withDSA," +
- "SHA1withRSA\\,SHA1withDSA," +
- "MD2withRSA," +
- "MD5withRSA," +
- "SHA1withRSA," +
- "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
- "to be one of the algorithms supported by Certificate System",
+ "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+ "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
+ "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+ "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+ "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
+ "MD2withRSA\\,MD5withRSA," +
+ "MD2withRSA\\,SHA1withRSA," +
+ "MD2withRSA\\,SHA1withDSA," +
+ "MD5withRSA\\,SHA1withRSA," +
+ "MD5withRSA\\,SHA1withDSA," +
+ "SHA1withRSA\\,SHA1withDSA," +
+ "MD2withRSA," +
+ "MD5withRSA," +
+ "SHA1withRSA," +
+ "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
+ "to be one of the algorithms supported by Certificate System",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
+ ";Restricts the requested signing algorithm to be one of" +
+ " the algorithms supported by Certificate System"
};
String[] params_RSA = {
PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,MD5withRSA," +
- "MD2withRSA\\,SHA1withRSA," +
- "MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA," +
- "MD5withRSA," +
- "SHA1withRSA);Restrict the requested signing algorithm to be " +
- "one of the algorithms supported by Certificate System",
+ "MD2withRSA\\,MD5withRSA," +
+ "MD2withRSA\\,SHA1withRSA," +
+ "MD5withRSA\\,SHA1withRSA," +
+ "MD2withRSA," +
+ "MD5withRSA," +
+ "SHA1withRSA);Restrict the requested signing algorithm to be " +
+ "one of the algorithms supported by Certificate System",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
+ ";Restricts the requested signing algorithm to be one of" +
+ " the algorithms supported by Certificate System"
};
String[] params_DSA = {
PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
- "algorithm to be one of the algorithms supported by Certificate " +
- "System",
+ "algorithm to be one of the algorithms supported by Certificate " +
+ "System",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
+ ";Restricts the requested signing algorithm to be one of" +
+ " the algorithms supported by Certificate System"
};
switch (mDefaultAllowedAlgs.length) {
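Review bot: The `params_RSA` choice list stops at `SHA1withRSA`, while `params_BOTH` also offers `SHA256withRSA` and `SHA512withRSA`, so an RSA-only CA appears unable to select a SHA-2 signing algorithm through this plugin description. All three lists also still present `MD2withRSA` and `MD5withRSA` as ordinary choices. I would add the SHA-2 entries to `params_RSA` and mark the legacy digests with a comment such as `// MD2/MD5: retained for existing configurations only, not for new issuance`. The switch that selects between the three arrays continues outside this hunk.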
@@ -447,4 +442,3 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
index 8e8cd4a7..0cec678c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -41,16 +40,16 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.certsrv.security.ISigningUnit;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This simple policy checks the subordinate CA CSR to see
* if it is the same as the local CA.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -66,32 +65,28 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subcanamecheck",
+ ";configuration-policyrules-subcanamecheck",
IExtendedPluginInfo.HELP_TEXT +
- ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
+ ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
};
return params;
}
-
+
/**
* Initializes this policy rule.
* <P>
- *
- * The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// get CA's public key to create authority key id.
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority)
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority == null) {
// should never get here.
@@ -106,7 +101,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
}
mCA = (ICertificateAuthority) certAuthority;
ISigningUnit su = mCA.getSigningUnit();
- if( su == null || CMS.isPreOpMode() ) {
+ if (su == null || CMS.isPreOpMode()) {
return;
}
@@ -124,8 +119,8 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -136,7 +131,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
// Get the certificate templates
X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
IRequest.CERT_INFO);
-
+
if (certInfos == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName()));
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), "");
@@ -163,7 +158,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
}
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
params), "");
@@ -174,24 +169,23 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector v = new Vector();
return v;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector v = new Vector();
return v;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
index dc8ecd79..9afbf765 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
-
-
/**
* This class is used to help migrate CMS4.1 to CMS4.2.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index 2cff24d3..9a43db9f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -44,35 +43,35 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Checks the uniqueness of the subject name. This policy
- * can only be used (installed) in Certificate Authority
- * subsystem.
- *
+ * can only be used (installed) in Certificate Authority
+ * subsystem.
+ *
* This policy can perform pre-agent-approval checking or
* post-agent-approval checking based on configuration
* setting.
- *
+ *
* In some situations, user may want to have 2 certificates with
- * the same subject name. For example, one key for encryption,
- * and one for signing. This policy does not deal with this case
+ * the same subject name. For example, one key for encryption,
+ * and one for signing. This policy does not deal with this case
* directly. But it can be easily extended to do that.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class UniqueSubjectNameConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
- protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
- "enablePreAgentApprovalChecking";
- protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
- "enableKeyUsageExtensionChecking";
+public class UniqueSubjectNameConstraints extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
+ protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
+ "enablePreAgentApprovalChecking";
+ protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
+ "enableKeyUsageExtensionChecking";
public ICertificateAuthority mCA = null;
@@ -82,17 +81,17 @@ public class UniqueSubjectNameConstraints extends APolicyRule
public UniqueSubjectNameConstraints() {
NAME = "UniqueSubjectName";
DESC = "Ensure the uniqueness of the subject name.";
- }
+ }
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-uniquesubjectname",
+ ";configuration-policyrules-uniquesubjectname",
IExtendedPluginInfo.HELP_TEXT +
- ";Rejects a request if there exists an unrevoked, unexpired " +
- "certificate with the same subject name"
+ ";Rejects a request if there exists an unrevoked, unexpired " +
+ "certificate with the same subject name"
};
return params;
@@ -102,22 +101,18 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
- * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
+ *
+ * @param config The config store reference
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
// get CA's public key to create authority key id.
ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority == null) {
// should never get here.
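Review bot: The reflowed Javadoc on `init` now puts the five sample `ca.Policy.rule.<ruleName>.*` properties on a single line, so the example no longer reads as one property per line. The same collapse appears in the `init` Javadoc hunks of ValidityConstraints, AuthInfoAccessExt and AuthorityKeyIdentifierExt further down. Wrapping the sample in `<pre>` … `</pre>` and writing the placeholder as `&lt;ruleName&gt;` should stop the formatter from joining the lines and keep the Javadoc tool from reading `<ruleName>` as markup. The sample also lists `ca.Policy.rule.<ruleName>.enable=true` twice, and `owner` has no tag; `@param owner The policy processor that owns this rule; its authority must be a certificate authority` matches the casts in the body. The body of `init` continues outside the hunk.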
@@ -131,12 +126,12 @@ public class UniqueSubjectNameConstraints extends APolicyRule
mCA = (ICertificateAuthority) certAuthority;
try {
- mPreAgentApprovalChecking =
+ mPreAgentApprovalChecking =
config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false);
} catch (EBaseException e) {
}
try {
- mKeyUsageExtensionChecking =
+ mKeyUsageExtensionChecking =
config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true);
} catch (EBaseException e) {
}
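Review bot: Both `catch (EBaseException e) { }` blocks in this hunk discard a failed configuration read. `mPreAgentApprovalChecking` and `mKeyUsageExtensionChecking` then keep whatever value they held before, and the rule runs with no record that its settings were not loaded. These two flags decide when and how strictly duplicate subject names are rejected, so the failure should at least be logged, for example `log(ILogger.LL_FAILURE, NAME + ": cannot read " + PROP_PRE_AGENT_APPROVAL_CHECKING + ": " + e.toString());` with the equivalent line for `PROP_KEY_USAGE_EXTENSION_CHECKING`. This assumes `ILogger` is imported in this file as it is in the sibling rules; `init` starts and ends outside the hunk.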
@@ -145,8 +140,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -162,9 +157,9 @@ public class UniqueSubjectNameConstraints extends APolicyRule
// Get the certificate templates
X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
IRequest.CERT_INFO);
-
+
if (certInfos == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -172,11 +167,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule
// retrieve the subject name and check its unqiueness
for (int i = 0; i < certInfos.length; i++) {
CertificateSubjectName subName = (CertificateSubjectName)
- certInfos[i].get(X509CertInfo.SUBJECT);
+ certInfos[i].get(X509CertInfo.SUBJECT);
// if there is no name set, set one here.
if (subName == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -184,18 +179,18 @@ public class UniqueSubjectNameConstraints extends APolicyRule
String filter = "x509Cert.subject=" + certSubjectName;
// subject name is indexed, so we only use subject name
// in the filter
- Enumeration<ICertRecord> matched =
- mCA.getCertificateRepository().findCertRecords(filter);
+ Enumeration<ICertRecord> matched =
+ mCA.getCertificateRepository().findCertRecords(filter);
while (matched.hasMoreElements()) {
- ICertRecord rec = matched.nextElement();
+ ICertRecord rec = matched.nextElement();
String status = rec.getStatus();
if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
// accept this only if we have a REVOKED,
// EXPIRED or REVOKED_EXPIRED certificate
continue;
-
+
}
// you already have an VALID or INVALID (not yet valid) certificate
if (mKeyUsageExtensionChecking && agentApproved(req)) {
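Review bot: The search filter on the line `String filter = "x509Cert.subject=" + certSubjectName;` is built by plain concatenation, and `certSubjectName` appears to come from the subject in the request's certificate template, which the requester chooses. If `findCertRecords` passes the string to the directory as written (not visible here), filter metacharacters in a subject name could make the lookup match the wrong records or none, and the uniqueness decision would rest on that result. Escape the value per RFC 4515 before it is appended, and record the assumption next to the line: `// certSubjectName is requester-supplied: escape \ * ( ) and NUL (RFC 4515) before building the filter`. The assignment of `certSubjectName` and the rest of the loop lie outside the hunk.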
@@ -210,15 +205,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule
}
}
- setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
+ setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
getInstanceName() + " " + certSubjectName), "");
return PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
params), "");
result = PolicyResult.REJECTED;
}
@@ -229,8 +224,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
* Checks if the key extension in the issued certificate
* is the same as the one in the certificate template.
*/
- private boolean sameKeyUsageExtension(ICertRecord rec,
- X509CertInfo certInfo) {
+ private boolean sameKeyUsageExtension(ICertRecord rec,
+ X509CertInfo certInfo) {
X509CertImpl impl = rec.getCertificate();
boolean bits[] = impl.getKeyUsage();
@@ -282,25 +277,25 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector<String> getInstanceParams() {
Vector<String> confParams = new Vector<String>();
confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
- "=" + mPreAgentApprovalChecking);
+ "=" + mPreAgentApprovalChecking);
confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING +
- "=" + mKeyUsageExtensionChecking);
+ "=" + mKeyUsageExtensionChecking);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
index 62c49450..ef35f5e6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -35,26 +34,26 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* ValidityConstraints is a default rule for Enrollment and
* Renewal that enforces minimum and maximum validity periods
* and changes them if not met.
- *
+ *
* Optionally the lead and lag times - i.e how far back into the
* front or back the notBefore date could go in minutes can also
* be specified.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class ValidityConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected long mMinValidity;
protected long mMaxValidity;
protected long mLeadTime;
@@ -78,15 +77,15 @@ public class ValidityConstraints extends APolicyRule
static {
defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
- DEF_MIN_VALIDITY);
+ DEF_MIN_VALIDITY);
defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
- DEF_MAX_VALIDITY);
+ DEF_MAX_VALIDITY);
defConfParams.addElement(PROP_LEAD_TIME + "=" +
- DEF_LEAD_TIME);
+ DEF_LEAD_TIME);
defConfParams.addElement(PROP_LAG_TIME + "=" +
- DEF_LAG_TIME);
+ DEF_LAG_TIME);
defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
- DEF_NOT_BEFORE_SKEW);
+ DEF_NOT_BEFORE_SKEW);
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -97,11 +96,11 @@ public class ValidityConstraints extends APolicyRule
PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE",
PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-validityconstraints",
+ ";configuration-policyrules-validityconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Ensures that the user's requested validity period is " +
- "acceptable. If not specified, as is usually the case, " +
- "this policy will set the validity. See RFC 2459."
+ ";Ensures that the user's requested validity period is " +
+ "acceptable. If not specified, as is usually the case, " +
+ "this policy will set the validity. See RFC 2459."
};
return params;
@@ -116,19 +115,15 @@ public class ValidityConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minValidity=30
- * ra.Policy.rule.<ruleName>.maxValidity=180
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and configure them.
try {
@@ -164,7 +159,7 @@ public class ValidityConstraints extends APolicyRule
mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR;
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -174,8 +169,8 @@ public class ValidityConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -198,7 +193,7 @@ public class ValidityConstraints extends APolicyRule
// Else check if validity is within the limit
for (int i = 0; i < certInfo.length; i++) {
CertificateValidity validity = (CertificateValidity)
- certInfo[i].get(X509CertInfo.VALIDITY);
+ certInfo[i].get(X509CertInfo.VALIDITY);
Date notBefore = null, notAfter = null;
@@ -215,9 +210,9 @@ public class ValidityConstraints extends APolicyRule
// (date = 0 is hack for serialization)
if (validity == null ||
- (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
+ (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
certInfo[i].set(X509CertInfo.VALIDITY,
- makeDefaultValidity(req));
+ makeDefaultValidity(req));
continue;
}
@@ -228,22 +223,20 @@ public class ValidityConstraints extends APolicyRule
getInstanceName()), "");
result = PolicyResult.REJECTED;
}
- if ((notAfter.getTime() - notBefore.getTime()) >
- mMaxValidity) {
- String params[] = {getInstanceName(),
+ if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) {
+ String params[] = { getInstanceName(),
String.valueOf(
- ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
- String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR)};
+ ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+ String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
result = PolicyResult.REJECTED;
}
- if ((notAfter.getTime() - notBefore.getTime()) <
- mMinValidity) {
- String params[] = {getInstanceName(),
+ if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) {
+ String params[] = { getInstanceName(),
String.valueOf(
- ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
- String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR)};
+ ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+ String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) };
setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
result = PolicyResult.REJECTED;
@@ -251,7 +244,7 @@ public class ValidityConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
params), "");
@@ -262,28 +255,28 @@ public class ValidityConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_VALIDITY + "=" +
- mMinValidity / DAYS_TO_MS_FACTOR);
+ mMinValidity / DAYS_TO_MS_FACTOR);
confParams.addElement(PROP_MAX_VALIDITY + "=" +
- mMaxValidity / DAYS_TO_MS_FACTOR);
- confParams.addElement(PROP_LEAD_TIME + "="
- + mLeadTime / MINS_TO_MS_FACTOR);
- confParams.addElement(PROP_LAG_TIME + "=" +
- mLagTime / MINS_TO_MS_FACTOR);
- confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
- mNotBeforeSkew / MINS_TO_MS_FACTOR);
+ mMaxValidity / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_LEAD_TIME + "="
+ + mLeadTime / MINS_TO_MS_FACTOR);
+ confParams.addElement(PROP_LAG_TIME + "=" +
+ mLagTime / MINS_TO_MS_FACTOR);
+ confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
+ mNotBeforeSkew / MINS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -292,10 +285,10 @@ public class ValidityConstraints extends APolicyRule
/**
* Create a default validity value for a request
- *
+ *
* This code can be easily overridden in a derived class, if the
* calculations here aren't accepatble.
- *
+ *
* TODO: it might be good to base this calculation on the creation
* time of the request.
*/
@@ -312,7 +305,7 @@ public class ValidityConstraints extends APolicyRule
/**
* convert a millisecond resolution time into one with 1 second
- * resolution. Most times in certificates are storage at 1
+ * resolution. Most times in certificates are storage at 1
* second resolution, so its better if we deal with things at
* that level.
*/
@@ -320,4 +313,3 @@ public class ValidityConstraints extends APolicyRule
return (input / 1000) * 1000;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index 4f8aaa29..f37a2b59 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Authority Information Access extension policy.
* If this policy is enabled, it adds an authority
* information access extension to the certificate.
- *
+ *
* The following listed sample configuration parameters:
*
* ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
@@ -68,33 +66,34 @@ import com.netscape.cms.policy.APolicyRule;
* ca.Policy.rule.aia.enable=true
* ca.Policy.rule.aia.implName=AuthInfoAccess
* ca.Policy.rule.aia.predicate=
- *
+ *
* Currently, this policy only supports the following location:
- * uriName:[URI], dirName:[DN]
+ * uriName:[URI], dirName:[DN]
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AuthInfoAccessExt extends APolicyRule implements
+public class AuthInfoAccessExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL =
- "critical";
+ "critical";
protected static final String PROP_AD =
- "ad";
+ "ad";
protected static final String PROP_METHOD =
- "method";
+ "method";
protected static final String PROP_LOCATION =
- "location";
+ "location";
protected static final String PROP_LOCATION_TYPE =
- "location_type";
+ "location_type";
protected static final String PROP_NUM_ADS =
- "numADs";
+ "numADs";
public static final int MAX_AD = 5;
@@ -109,13 +108,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
Vector<String> v = new Vector<String>();
v.addElement(PROP_CRITICAL +
- ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
+ ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
v.addElement(PROP_NUM_ADS +
- ";number;The total number of access descriptions.");
+ ";number;The total number of access descriptions.");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
+ ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-authinfoaccess");
+ ";configuration-policyrules-authinfoaccess");
for (int i = 0; i < MAX_AD; i++) {
v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
@@ -128,17 +127,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
@@ -153,7 +150,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
//
for (int i = 0;; i++) {
ObjectIdentifier methodOID = null;
- String method = mConfig.getString(PROP_AD +
+ String method = mConfig.getString(PROP_AD +
Integer.toString(i) + "_" + PROP_METHOD, null);
if (method == null)
@@ -162,10 +159,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
if (method.equals(""))
break;
- //
- // method ::= ocsp | caIssuers | <OID>
- // OID ::= [object identifier]
- //
+ //
+ // method ::= ocsp | caIssuers | <OID>
+ // OID ::= [object identifier]
+ //
try {
if (method.equalsIgnoreCase("ocsp")) {
methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
@@ -186,17 +183,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) +
+ String location_type = mConfig.getString(PROP_AD +
+ Integer.toString(i) +
"_" + PROP_LOCATION_TYPE, null);
- String location = mConfig.getString(PROP_AD +
- Integer.toString(i) +
+ String location = mConfig.getString(PROP_AD +
+ Integer.toString(i) +
"_" + PROP_LOCATION, null);
if (location == null)
break;
GeneralName gn = CMS.form_GeneralName(location_type, location);
- Vector<Serializable> e = new Vector<Serializable>();
+ Vector<Serializable> e = new Vector<Serializable>();
e.addElement(methodOID);
e.addElement(gn);
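Review bot: Only `location` is checked for null in this hunk; `location_type` is read with a `null` default and handed straight to `CMS.form_GeneralName(location_type, location)`. `getInstanceParams` and `getDefaultParams` in the same file fall back to `IGeneralNameUtil.GENNAME_CHOICE_URL`. Reading it here as `mConfig.getString(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE, IGeneralNameUtil.GENNAME_CHOICE_URL)` would keep the three methods consistent and avoid passing null when an entry sets a location without a type. The `break` on a missing location also ends the loop, so any later access descriptions are dropped without a log line; a short comment such as `// a missing location ends the list of access descriptions` would make that intent explicit. The enclosing method starts and ends outside the hunk.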
@@ -209,7 +206,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
* If this policy is enabled, add the authority information
* access extension to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -221,7 +218,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -229,8 +226,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -238,19 +235,19 @@ public class AuthInfoAccessExt extends APolicyRule implements
try {
// Find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// add access descriptions
Enumeration<Vector<Serializable>> e = getAccessDescriptions();
if (!e.hasMoreElements()) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
@@ -263,12 +260,12 @@ public class AuthInfoAccessExt extends APolicyRule implements
}
// Create the extension
- AuthInfoAccessExtension aiaExt = new
- AuthInfoAccessExtension(mConfig.getBoolean(
- PROP_CRITICAL, false));
+ AuthInfoAccessExtension aiaExt = new
+ AuthInfoAccessExtension(mConfig.getBoolean(
+ PROP_CRITICAL, false));
while (e.hasMoreElements()) {
- Vector<Serializable> ad = e.nextElement();
+ Vector<Serializable> ad = e.nextElement();
ObjectIdentifier oid = (ObjectIdentifier) ad.elementAt(0);
GeneralName gn = (GeneralName) ad.elementAt(1);
@@ -278,17 +275,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, e.getMessage()), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Certificate Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -299,15 +296,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "=" +
+ mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
params.addElement(PROP_CRITICAL + "=false");
}
@@ -325,46 +322,46 @@ public class AuthInfoAccessExt extends APolicyRule implements
String method = null;
try {
- method = mConfig.getString(PROP_AD +
+ method = mConfig.getString(PROP_AD +
Integer.toString(i) + "_" + PROP_METHOD,
"");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_METHOD + "=" + method);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_METHOD + "=" + method);
String location_type = null;
try {
- location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
+ location_type = mConfig.getString(PROP_AD +
+ Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
IGeneralNameUtil.GENNAME_CHOICE_URL);
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + location_type);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_LOCATION_TYPE + "=" + location_type);
String location = null;
try {
- location = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION,
+ location = mConfig.getString(PROP_AD +
+ Integer.toString(i) + "_" + PROP_LOCATION,
"");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION + "=" + location);
+ params.addElement(PROP_AD +
+ Integer.toString(i) +
+ "_" + PROP_LOCATION + "=" + location);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -376,14 +373,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_AD; i++) {
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_METHOD + "=");
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_METHOD + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
+ defParams.addElement(PROP_AD + Integer.toString(i) +
+ "_" + PROP_LOCATION + "=");
}
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
index 7ec05fec..63b84a39 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Authority Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
+ * Adds the subject public key id extension to certificates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class AuthorityKeyIdentifierExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType";
@@ -98,27 +97,25 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
/**
* Initializes this policy rule.
- * Reads configuration file and creates a authority key identifier
- * extension to add. Key identifier inside the extension is constructed as
- * the CA's subject key identifier extension if it exists.
- * If it does not exist this can be configured to use:
- * (1) sha-1 hash of the CA's subject public key info
- * (what communicator expects if the CA does not have a subject key
+ * Reads configuration file and creates a authority key identifier
+ * extension to add. Key identifier inside the extension is constructed as
+ * the CA's subject key identifier extension if it exists.
+ * If it does not exist this can be configured to use:
+ * (1) sha-1 hash of the CA's subject public key info
+ * (what communicator expects if the CA does not have a subject key
* identifier extension) or (2) No extension set (3) Empty sequence
* in Authority Key Identifier extension.
- *
+ *
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mEnabled = mConfig.getBoolean(
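Review bot: The reformatted Javadoc of `init` now puts the three sample configuration entries on a single line (`ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true`), which reads as one property. I would restore one entry per line inside a `<pre>` block, with the angle brackets written as `&lt;ruleName&gt;`, so the formatter leaves them alone. The Javadoc of `BasicConstraintsExt.init` further down has the same collapse. The tag list documents only `config`, so a line such as `@param owner the policy processor that owns this rule` is also worth adding, since the body casts `owner` to `IPolicyProcessor`. The body of `init` continues outside this hunk.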
@@ -131,44 +128,44 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1))
mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1;
- /*
- else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
- mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
- */
+ /*
+ else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
+ mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
+ */
else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE))
mAltKeyIdType = ALT_KEYID_TYPE_NONE;
else {
log(ILogger.LL_FAILURE, NAME +
- CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
+ CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
"value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE));
}
// create authority key id extension.
ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority == null) {
// should never get here.
String msg = NAME + ": " +
- "Cannot find the Certificate Manager or Registration Manager";
+ "Cannot find the Certificate Manager or Registration Manager";
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
}
if (!(certAuthority instanceof ICertificateAuthority)) {
log(ILogger.LL_FAILURE, NAME +
- CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
NAME + " policy can only be used in a Certificate Authority."));
- }
+ }
//CertificateChain caChain = certAuthority.getCACertChain();
//X509Certificate caCert = caChain.getFirstCertificate();
X509CertImpl caCert = certAuthority.getCACert();
- if( caCert == null || CMS.isPreOpMode() ) {
+ if (caCert == null || CMS.isPreOpMode()) {
return;
}
- KeyIdentifier keyId = formKeyIdentifier(caCert);
+ KeyIdentifier keyId = formKeyIdentifier(caCert);
if (keyId != null) {
try {
@@ -176,7 +173,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
mCritical, keyId, null, null);
} catch (IOException e) {
String msg = NAME + ": " +
- "Error forming Authority Key Identifier extension: " + e;
+ "Error forming Authority Key Identifier extension: " + e;
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -191,26 +188,26 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
/**
* Adds Authority Key Identifier Extension to a certificate.
- * If the extension is already there, accept it if it's from the agent,
+ * If the extension is already there, accept it if it's from the agent,
* else replace it.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, ci[i]);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
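Review bot: The guard in `apply` inspects only `ci[0]`, so a zero-length array throws `ArrayIndexOutOfBoundsException` at the check itself. A null entry at a later index is also handed to `applyCert`, which dereferences it with `certInfo.get(X509CertInfo.EXTENSIONS)`. Whether the request layer can produce such arrays is not visible here, so this is a hardening point rather than a confirmed fault. I would write the guard as `if (ci == null || ci.length == 0 || ci[0] == null)` and reject inside the loop when `ci[i] == null`.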
@@ -223,7 +220,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
// from agent. else replace it.
AuthorityKeyIdentifierExtension authorityKeyIdExt = null;
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
@@ -236,45 +233,45 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
if (authorityKeyIdExt != null) {
if (agentApproved(req)) {
CMS.debug(
- "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
- " already has authority key id extension with value " +
- authorityKeyIdExt);
+ "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
+ " already has authority key id extension with value " +
+ authorityKeyIdExt);
return PolicyResult.ACCEPTED;
} else {
CMS.debug(
- "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
- " had authority key identifier - deleted");
+ "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
+ " had authority key identifier - deleted");
extensions.delete(AuthorityKeyIdentifierExtension.class.getSimpleName());
}
}
// if no authority key identifier should be set b/c CA does not
// have a subject key identifier, return here.
- if (mTheExtension == null)
+ if (mTheExtension == null)
return PolicyResult.ACCEPTED;
- // add authority key id extension.
+ // add authority key id extension.
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
extensions.set(
- AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
+ AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
CMS.debug(
- "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
+ "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, e.getMessage()), "");
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
NAME, "Certificate Info Error"), "");
return PolicyResult.REJECTED;
}
@@ -284,12 +281,13 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
* Form the Key Identifier in the Authority Key Identifier extension.
* from the CA's cert.
* <p>
+ *
* @param caCertImpl Certificate Info
* @return A Key Identifier.
* @throws com.netscape.certsrv.base.EBaseException on error
*/
protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
// get CA's certInfo.
@@ -298,50 +296,51 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
try {
certInfo = (X509CertInfo) caCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (certInfo == null) {
+ if (certInfo == null) {
String msg = "Bad CA certificate encountered. " +
- "TBS Certificate missing.";
+ "TBS Certificate missing.";
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
+ CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
NAME + " Error decoding the CA Certificate: " + e));
}
// get Key Id from CA's Subject Key Id extension in CA's CertInfo.
keyId = getKeyIdentifier(certInfo);
- if (keyId != null)
+ if (keyId != null)
return keyId;
- // if none exists use the configured alternate.
+ // if none exists use the configured alternate.
if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) {
keyId = formSpkiSHA1KeyId(certInfo);
} /*
- else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
- keyId = formEmptyKeyId(certInfo);
- }
- */ else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
+ else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
+ keyId = formEmptyKeyId(certInfo);
+ }
+ */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
keyId = null;
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mAltKeyIdType,
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ mAltKeyIdType,
"Unknown Alternate Key Identifier type."));
}
return keyId;
}
/**
- * Get the Key Identifier in a subject key identifier extension from a
+ * Get the Key Identifier in a subject key identifier extension from a
* CertInfo.
+ *
* @param certInfo the CertInfo structure.
* @return Key Identifier in a Subject Key Identifier extension if any.
*/
- protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
- throws EBaseException {
+ protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
+ throws EBaseException {
CertificateExtensions exts = null;
SubjectKeyIdentifierExtension subjKeyIdExt = null;
KeyIdentifier keyId = null;
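Review bot: `formKeyIdentifier` selects the alternate key id type with reference comparison, `mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1` and `mAltKeyIdType == ALT_KEYID_TYPE_NONE`. That works only because `init` reassigns the field to the constant after its `equalsIgnoreCase` match. Any other path that sets the field to an equal but distinct String falls through to the "Unknown Alternate Key Identifier type." exception. Value comparison removes that coupling: `if (ALT_KEYID_TYPE_SPKISHA1.equals(mAltKeyIdType)) {` and `else if (ALT_KEYID_TYPE_NONE.equals(mAltKeyIdType)) {`. The method starts in the previous hunk, and `getKeyIdentifier` continues past this one.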
@@ -357,7 +356,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
CMS.debug(NAME + ": " + "No extensions found. Error " + e);
return null;
}
- if (exts == null)
+ if (exts == null)
return null;
try {
@@ -366,7 +365,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
} catch (IOException e) {
// extension isn't there.
CMS.debug(
- "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
+ "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
return null;
}
if (subjKeyIdExt == null)
@@ -378,7 +377,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
} catch (IOException e) {
// no key identifier in subject key id extension.
String msg = NAME + ": " +
- "Bad Subject Key Identifier Extension found. Error: " + e;
+ "Bad Subject Key Identifier Extension found. Error: " + e;
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -388,40 +387,39 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefaultParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST NOT be marked critical.",
+ "RFC 2459 recommendation: MUST NOT be marked critical.",
PROP_ALT_KEYID_TYPE + ";" +
- "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
- "Specifies whether to use a SHA1 hash of the CA's subject " +
- "public key info for key identifier or leave out the " +
- "authority key identifier extension if the CA certificate " +
- "does not have a Subject Key Identifier extension.",
+ "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
+ "Specifies whether to use a SHA1 hash of the CA's subject " +
+ "public key info for key identifier or leave out the " +
+ "authority key identifier extension if the CA certificate " +
+ "does not have a Subject Key Identifier extension.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-authkeyid",
+ ";configuration-policyrules-authkeyid",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds Authority Key Identifier Extension. " +
- "See RFC 2459 (4.2.1.1)"
+ ";Adds Authority Key Identifier Extension. " +
+ "See RFC 2459 (4.2.1.1)"
};
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
index 1636902d..dedd8ce8 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -47,48 +46,48 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Basic Constraints policy.
* Adds the Basic constraints extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class BasicConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_MAXPATHLEN = "maxPathLen";
protected static final String PROP_IS_CA = "isCA";
protected static final String PROP_IS_CRITICAL = "critical";
protected static final String ARG_PATHLEN = "BasicConstraintsPathLen";
- protected int mMaxPathLen = 0; // < 0 means unlimited
+ protected int mMaxPathLen = 0; // < 0 means unlimited
protected String mOrigMaxPathLen = ""; // for UI display only
protected boolean mCritical = true;
- protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
- protected int mCAPathLen = 0;
+ protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
+ protected int mCAPathLen = 0;
protected boolean mRemoveExt = true;
protected boolean mIsCA = true;
public static final boolean DEFAULT_CRITICALITY = true;
/**
- * Adds the basic constraints extension as a critical extension in
- * CA certificates i.e. certype is ca, with either a requested
+ * Adds the basic constraints extension as a critical extension in
+ * CA certificates i.e. certype is ca, with either a requested
* or configured path len.
- * The requested or configured path length cannot be greater than
+ * The requested or configured path length cannot be greater than
* or equal to the CA's basic constraints path length.
* If the CA path length is 0, all requests for CA certs are rejected.
*/
public BasicConstraintsExt() {
NAME = "BasicConstraintsExt";
- DESC =
+ DESC =
"Sets critical basic constraints extension in subordinate CA certs";
}
@@ -96,33 +95,31 @@ public class BasicConstraintsExt extends APolicyRule
* Initializes this policy rule.
* <p>
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
- * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// get the CA's path len to check against configured max path len.
ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority == null) {
// should never get here.
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
"Cannot find the Certificate Manager or Registration Manager"));
}
if (certAuthority instanceof IRegistrationAuthority) {
- log(ILogger.LL_WARN,
- "default basic constraints extension path len to -1.");
+ log(ILogger.LL_WARN,
+ "default basic constraints extension path len to -1.");
mCAPathLen = -1;
} else {
CertificateChain caChain = certAuthority.getCACertChain();
- if( caChain == null || CMS.isPreOpMode() ) {
+ if (caChain == null || CMS.isPreOpMode()) {
return;
}
X509Certificate caCert = caChain.getFirstCertificate();
@@ -132,14 +129,14 @@ public class BasicConstraintsExt extends APolicyRule
// set default to one less than the CA's pathlen or 0 if CA's
// pathlen is 0.
// If it's unlimited default the max pathlen also to unlimited.
- if (mCAPathLen < 0)
+ if (mCAPathLen < 0)
mDefaultMaxPathLen = -1;
- else if (mCAPathLen > 0)
+ else if (mCAPathLen > 0)
mDefaultMaxPathLen = mCAPathLen - 1;
else // (mCAPathLen == 0)
{
- log(ILogger.LL_WARN,
- CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
//return;
}
@@ -151,19 +148,19 @@ public class BasicConstraintsExt extends APolicyRule
mIsCA = config.getBoolean(PROP_IS_CA, true);
mMaxPathLen = config.getInteger(PROP_MAXPATHLEN);
if (mMaxPathLen < 0) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
- String.valueOf(mMaxPathLen)));
+ log(ILogger.LL_MISCONF,
+ CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
+ String.valueOf(mMaxPathLen)));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1",
- NAME, String.valueOf(mMaxPathLen)));
+ NAME, String.valueOf(mMaxPathLen)));
}
mOrigMaxPathLen = Integer.toString(mMaxPathLen);
} catch (EBaseException e) {
- if (!(e instanceof EPropertyNotFound) &&
- !(e instanceof EPropertyNotDefined)) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
+ if (!(e instanceof EPropertyNotFound) &&
+ !(e instanceof EPropertyNotDefined)) {
+ log(ILogger.LL_MISCONF,
+ CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
throw e;
}
@@ -179,49 +176,49 @@ public class BasicConstraintsExt extends APolicyRule
// else maxPathlen must be at most one less than the CA's
// pathlen or 0 if CA's pathlen is 0.
- if (mCAPathLen > 0 &&
- (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
- String maxStr = (mMaxPathLen < 0) ?
- String.valueOf(mMaxPathLen) + "(unlimited)" :
- String.valueOf(mMaxPathLen);
+ if (mCAPathLen > 0 &&
+ (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
+ String maxStr = (mMaxPathLen < 0) ?
+ String.valueOf(mMaxPathLen) + "(unlimited)" :
+ String.valueOf(mMaxPathLen);
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
- maxStr,
- String.valueOf(mCAPathLen)));
+ log(ILogger.LL_MISCONF,
+ CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
+ maxStr,
+ String.valueOf(mCAPathLen)));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1",
- NAME, maxStr, Integer.toString(mCAPathLen)));
+ NAME, maxStr, Integer.toString(mCAPathLen)));
} else if (mCAPathLen == 0 && mMaxPathLen != 0) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
+ log(ILogger.LL_MISCONF,
+ CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN",
- NAME, String.valueOf(mMaxPathLen)));
+ NAME, String.valueOf(mMaxPathLen)));
}
}
}
/**
- * Checks if the basic contraints extension in certInfo is valid and
+ * Checks if the basic contraints extension in certInfo is valid and
* add the basic constraints extension for CA certs if none exists.
* Non-CA certs do not get a basic constraints extension.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -229,24 +226,24 @@ public class BasicConstraintsExt extends APolicyRule
boolean isCA = mIsCA;
/**
- boolean isCA = false;
- String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
- if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
- isCA = true;
- }
+ * boolean isCA = false;
+ * String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ * if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
+ * isCA = true;
+ * }
**/
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, isCA, certInfo);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
}
public PolicyResult applyCert(
- IRequest req, boolean isCA, X509CertInfo certInfo) {
+ IRequest req, boolean isCA, X509CertInfo certInfo) {
// get basic constraints extension from cert info if any.
CertificateExtensions extensions = null;
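Review bot: Every iteration of the loop in `apply` passes `certInfo`, which was assigned from `ci[0]` in the null check just before this hunk. Entries `ci[1]` onward are therefore never examined, and the first one is processed `ci.length` times. For a request carrying several certificate infos, the basic constraints check and rewrite are enforced on the first only. The call should be `PolicyResult certResult = applyCert(req, isCA, ci[i]);`, which is how `AuthorityKeyIdentifierExt.apply` earlier in this diff iterates. `apply` begins in the previous hunk and `applyCert` continues past this one.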
@@ -272,8 +269,8 @@ public class BasicConstraintsExt extends APolicyRule
if (extensions == null) {
try {
// create extensions set if none.
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
@@ -293,21 +290,21 @@ public class BasicConstraintsExt extends APolicyRule
try {
critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
- e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
+ e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
-
+
try {
extensions.set(BasicConstraintsExtension.class.getSimpleName(), critExt);
} catch (IOException e) {
}
CMS.debug(
- "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+ req.getRequestId());
return PolicyResult.ACCEPTED;
}
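Review bot: The empty `catch (IOException e) { }` around `extensions.set(...)` lets the method log "added the extension" and return `PolicyResult.ACCEPTED` even when the extension was not stored. A failure there leaves an accepted request without the basic constraints this policy is meant to impose. The handler should fail closed like the constructor's catch just above it: `log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));`, then `setError(req, CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");`, then `return PolicyResult.REJECTED;`. The same swallowed exception, commented "doesn't happen", sits in the later hunk that builds `newExt`. The enclosing method begins outside this hunk.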
@@ -318,29 +315,29 @@ public class BasicConstraintsExt extends APolicyRule
if (mCAPathLen == 0) {
// reject all subordinate CA cert requests because CA's
// path length is 0.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
return PolicyResult.REJECTED;
}
- if (basicExt != null) {
+ if (basicExt != null) {
try {
- boolean extIsCA =
- ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
- int pathLen =
- ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
+ boolean extIsCA =
+ ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
+ int pathLen =
+ ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
if (mMaxPathLen > -1) {
if (pathLen > mMaxPathLen || pathLen < 0) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen)));
- if (pathLen < 0)
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen)));
+ if (pathLen < 0)
setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
NAME, "unlimited", Integer.toString(mMaxPathLen)), "");
else
setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
- NAME, Integer.toString(pathLen),
+ NAME, Integer.toString(pathLen),
Integer.toString(mMaxPathLen)), "");
return PolicyResult.REJECTED;
}
@@ -348,20 +345,20 @@ public class BasicConstraintsExt extends APolicyRule
// adjust isCA field
if (!extIsCA) {
- basicExt.set(BasicConstraintsExtension.IS_CA,
- Boolean.valueOf(true));
+ basicExt.set(BasicConstraintsExtension.IS_CA,
+ Boolean.valueOf(true));
}
// adjust path length field.
if (mMaxPathLen == 0) {
if (pathLen != 0) {
- basicExt.set(BasicConstraintsExtension.PATH_LEN,
- Integer.valueOf(0));
+ basicExt.set(BasicConstraintsExtension.PATH_LEN,
+ Integer.valueOf(0));
pathLen = 0;
}
} else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) {
- basicExt.set(BasicConstraintsExtension.PATH_LEN,
- Integer.valueOf(mMaxPathLen));
+ basicExt.set(BasicConstraintsExtension.PATH_LEN,
+ Integer.valueOf(mMaxPathLen));
pathLen = mMaxPathLen;
}
@@ -372,10 +369,10 @@ public class BasicConstraintsExt extends APolicyRule
try {
critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
extensions.delete(BasicConstraintsExtension.class.getSimpleName());
@@ -385,8 +382,8 @@ public class BasicConstraintsExt extends APolicyRule
// not possible in these cases.
}
CMS.debug(
- "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+ req.getRequestId());
return PolicyResult.ACCEPTED;
}
@@ -394,8 +391,8 @@ public class BasicConstraintsExt extends APolicyRule
if (extensions == null) {
try {
// create extensions set if none.
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
@@ -413,29 +410,29 @@ public class BasicConstraintsExt extends APolicyRule
if (reqPathLenStr == null) {
reqPathLen = mMaxPathLen;
} else {
- try {
- reqPathLen = Integer.parseInt(reqPathLenStr);
+ try {
+ reqPathLen = Integer.parseInt(reqPathLenStr);
if ((mMaxPathLen == 0 && reqPathLen != 0) ||
- (mMaxPathLen > 0 &&
+ (mMaxPathLen > 0 &&
(reqPathLen > mMaxPathLen || reqPathLen < 0))) {
- String plenStr =
- ((reqPathLen < 0) ?
- reqPathLenStr + "(unlimited)" : reqPathLenStr);
-
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
- String.valueOf(mMaxPathLen)));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
- NAME, plenStr, String.valueOf(mMaxPathLen)), "");
+ String plenStr =
+ ((reqPathLen < 0) ?
+ reqPathLenStr + "(unlimited)" : reqPathLenStr);
+
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
+ String.valueOf(mMaxPathLen)));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
+ NAME, plenStr, String.valueOf(mMaxPathLen)), "");
return PolicyResult.REJECTED;
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
- setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
+ setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
NAME, reqPathLenStr), "");
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
}
BasicConstraintsExtension newExt;
@@ -443,29 +440,29 @@ public class BasicConstraintsExt extends APolicyRule
try {
newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
extensions.set(BasicConstraintsExtension.class.getSimpleName(), newExt);
- }catch (IOException e) {
+ } catch (IOException e) {
// doesn't happen.
}
CMS.debug(
- "BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ "BasicConstraintsExt: added the extension to request " +
+ req.getRequestId());
return PolicyResult.ACCEPTED;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
// Because of one of the UI bugs 385273, we should leave the empty space
@@ -478,10 +475,10 @@ public class BasicConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_IS_CRITICAL + "=true");
@@ -494,17 +491,16 @@ public class BasicConstraintsExt extends APolicyRule
String[] params = {
PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
PROP_IS_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
+ "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
PROP_IS_CA + ";boolean;" +
- "Identifies the subject of the certificate is a CA or not.",
+ "Identifies the subject of the certificate is a CA or not.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-basicconstraints",
+ ";configuration-policyrules-basicconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
+ ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
};
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index 05d4a28e..0363079e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Hashtable;
@@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* The type of the distribution point or issuer name. The name is expressed
* as a simple string in the configuration file, so this attribute is needed
* to tell whether the simple string should be stored in an X.500 Name,
* a URL, or an RDN.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -69,7 +68,7 @@ class NameType {
private NameType() {
} // no default constructor
- private String stringRep; // string representation of this type
+ private String stringRep; // string representation of this type
private NameType(String s) {
map.put(s, this);
@@ -79,7 +78,7 @@ class NameType {
private static Hashtable<String, NameType> map = new Hashtable<String, NameType>();
/**
- * Looks up a NameType from its string representation. Returns null
+ * Looks up a NameType from its string representation. Returns null
* if no matching NameType was found.
*/
public static NameType fromString(String s) {
@@ -93,10 +92,9 @@ class NameType {
public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
public static final NameType URI = new NameType("URI");
public static final NameType RELATIVE_TO_ISSUER =
- new NameType("RelativeToIssuer");
+ new NameType("RelativeToIssuer");
}
-
/**
* These are the parameters that may be given in the configuration file
* for each distribution point. They are parsed by DPParamsToDP().
@@ -124,13 +122,12 @@ class DistPointParams {
}
-
/**
* CRL Distribution Points policy.
* Adds the CRL Distribution Points extension to the certificate.
*/
public class CRLDistributionPointsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_IS_CRITICAL = "critical";
public static final String PROP_NUM_POINTS = "numPoints";
@@ -173,29 +170,29 @@ public class CRLDistributionPointsExt extends APolicyRule
// should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
for (int i = 0; i < MAX_POINTS; i++) {
v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI,RelativeToIssuer);" +
- "The type of the CRL distribution point.");
+ "DirectoryName,URI,RelativeToIssuer);" +
+ "The type of the CRL distribution point.");
v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
- "The name of the CRL distribution point depending on the CRLDP type.");
+ "The name of the CRL distribution point depending on the CRLDP type.");
v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
- "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+ "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI);" +
- "The type of the issuer that has signed the CRL maintained at this distribution point.");
+ "DirectoryName,URI);" +
+ "The type of the issuer that has signed the CRL maintained at this distribution point.");
v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
- "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+ "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
}
v.addElement(PROP_NUM_POINTS +
- ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+ ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
v.addElement(PROP_IS_CRITICAL +
- ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+ ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-crldistributionpoints");
+ ";configuration-policyrules-crldistributionpoints");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the CRL Distribution Points " +
- "Extension into the certificate. See RFC 2459 (4.2.1.14). "
- );
+ ";This policy inserts the CRL Distribution Points " +
+ "Extension into the certificate. See RFC 2459 (4.2.1.14). "
+ );
mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
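Review bot: The help string for `PROP_REASONS` spells "comma-seperated"; this text is presented to administrators as the parameter description, so it should read "comma-separated", as the CertificatePoliciesExt help text for `PROP_NOTICE_REF_NUMS` already does. Since the formatter pass touches this line anyway, the spelling can be corrected in the same change. The enclosing block starts outside the hunk.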
@@ -212,13 +209,13 @@ public class CRLDistributionPointsExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// Register the CRL Distribution Points extension.
try {
netscape.security.x509.OIDMap.addAttribute(
- CRLDistributionPointsExtension.class.getName(),
- CRLDistributionPointsExtension.OID,
- CRLDistributionPointsExtension.class.getSimpleName());
+ CRLDistributionPointsExtension.class.getName(),
+ CRLDistributionPointsExtension.OID,
+ CRLDistributionPointsExtension.class.getSimpleName());
} catch (CertificateException e) {
// ignore, just means it has already been added
}
@@ -273,7 +270,7 @@ public class CRLDistributionPointsExt extends APolicyRule
* actual CRL Distribution Point object.
*/
private CRLDistributionPoint DPParamsToDP(DistPointParams params)
- throws EBaseException {
+ throws EBaseException {
CRLDistributionPoint crlDP = new CRLDistributionPoint();
try {
@@ -337,14 +334,14 @@ public class CRLDistributionPointsExt extends APolicyRule
if (r == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
- throw new EBaseException("Unknown reason: " + s);
+ throw new EBaseException("Unknown reason: " + s);
} else {
reasonBits |= r.getBitMask();
}
}
if (reasonBits != 0) {
BitArray ba = new BitArray(8, new byte[] { reasonBits }
- );
+ );
crlDP.setReasons(ba);
}
@@ -421,15 +418,15 @@ public class CRLDistributionPointsExt extends APolicyRule
try {
// find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// remove any previously computed version of the extension
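Review bot: In the `extensions == null` branch, `certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));` is executed twice, once before and once after `extensions = new CertificateExtensions();`. The second call repeats the first with the same value and can be removed. The enclosing try block starts and ends outside the hunk.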
@@ -446,13 +443,13 @@ public class CRLDistributionPointsExt extends APolicyRule
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
}
}
@@ -471,7 +468,7 @@ public class CRLDistributionPointsExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector<String> getInstanceParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
index 1e61c4ad..a56cbe9a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -50,21 +49,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Certificate Policies.
* Adds certificate policies extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class CertificatePoliciesExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies";
@@ -91,17 +90,15 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mEnabled = mConfig.getBoolean(
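Review bot: The Javadoc for `init` now has its three example entries run together on one line (`ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ...`), which is harder to read than the original layout. Wrapping the example in `<pre>` ... `</pre>` with one entry per line, as the `<PRE>` blocks in the class comments are kept, and writing the placeholder as `&lt;ruleName&gt;` so Javadoc does not read it as an HTML tag, should keep the layout stable across formatter runs. The comment also documents only `config`; an `@param owner` line and an `@throws EBaseException` line are missing. The body of `init` continues outside the hunk.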
@@ -126,7 +123,7 @@ public class CertificatePoliciesExt extends APolicyRule
mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
+ CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
throw e;
}
}
@@ -138,21 +135,21 @@ public class CertificatePoliciesExt extends APolicyRule
for (int j = 0; j < mNumCertPolicies; j++) {
CertPolicies.addElement(
- mCertPolicies[j].mCertificatePolicyInfo);
+ mCertPolicies[j].mCertificatePolicyInfo);
}
- mCertificatePoliciesExtension =
+ mCertificatePoliciesExtension =
new CertificatePoliciesExtension(mCritical, CertPolicies);
} catch (IOException e) {
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing " + NAME + " Error: " + e));
+ "Error initializing " + NAME + " Error: " + e));
}
}
// form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
+ PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
for (int i = 0; i < mNumCertPolicies; i++) {
mCertPolicies[i].getInstanceParams(mInstanceParams);
}
@@ -161,19 +158,19 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -194,8 +191,8 @@ public class CertificatePoliciesExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
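Review bot: The `catch (Exception e) { }` at the end of this hunk discards any failure from the two `certInfo.set(...)` calls, so if attaching the new `CertificateExtensions` fails, `extensions` stays detached from `certInfo` and the policy extension set on it later would presumably never reach the certificate. The rest of `apply` is outside the hunk, so that outcome is inferred, but the other catch blocks in this method log and return `PolicyResult.REJECTED`. This one should do the same, with `log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", e.toString()));` followed by `return PolicyResult.REJECTED;`. The same empty catch appears in the `@@ -128,8 +127,8 @@` hunk of CertificateRenewalWindowExt.java.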
@@ -213,24 +210,24 @@ public class CertificatePoliciesExt extends APolicyRule
}
}
extensions.set(CertificatePoliciesExtension.class.getSimpleName(),
- mCertificatePoliciesExtension);
+ mCertificatePoliciesExtension);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
e.toString()));
setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
e.toString()));
setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
return PolicyResult.REJECTED;
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
e.toString()));
setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -238,51 +235,51 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
+ * Default config parameters.
+ * To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params
* will show up in the console.
*/
private static Vector<String> mDefParams = new Vector<String>();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
mDefParams.addElement(
- PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
+ PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
String certPolicy0Dot = PROP_CERTPOLICY + "0.";
mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
+ certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
+ certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
+ certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
+ certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
+ certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
Vector<String> theparams = new Vector<String>();
-
+
theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1");
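Review bot: `getDefaultParams()` returns the class-wide `mDefParams` Vector itself, and `getInstanceParams()` hands out `mInstanceParams` the same way, so a caller that modifies the result changes the defaults seen by every instance of this rule. BasicConstraintsExt builds a fresh Vector on each call; returning a copy here, `return new Vector<String>(mDefParams);`, would keep the two rules consistent. The Javadoc on `mDefParams` also speaks of "permitted or excluded subtrees", which looks copied from another rule and should describe certificate policies instead. `getExtendedPluginInfo` continues outside the hunk.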
@@ -290,22 +287,22 @@ public class CertificatePoliciesExt extends APolicyRule
String certPolicykDot = PROP_CERTPOLICY + k + ".";
theparams.addElement(certPolicykDot +
- CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
+ CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
theparams.addElement(certPolicykDot +
- CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
+ CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
theparams.addElement(certPolicykDot +
- CertPolicy.PROP_NOTICE_REF_NUMS +
- ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
+ CertPolicy.PROP_NOTICE_REF_NUMS +
+ ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
theparams.addElement(certPolicykDot +
- CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
+ CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
theparams.addElement(certPolicykDot +
- CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
+ CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
}
theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificatepolicies");
+ ";configuration-policyrules-certificatepolicies");
theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
+ ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
String[] params = new String[theparams.size()];
@@ -314,7 +311,6 @@ public class CertificatePoliciesExt extends APolicyRule
}
}
-
class CertPolicy {
protected static final String PROP_POLICY_IDENTIFIER = "policyId";
@@ -337,34 +333,35 @@ class CertPolicy {
/**
* forms policy map parameters.
+ *
* @param name name of this policy map, for example certPolicy0
* @param config parent's config from where we find this configuration.
* @param enabled whether policy was enabled.
*/
- protected CertPolicy(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected CertPolicy(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
mName = name;
mConfig = config.getSubStore(mName);
mNameDot = mName + ".";
- if( mConfig == null ) {
- CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig is " +
- "null!" );
- throw new EBaseException( "mConfig is null" );
+ if (mConfig == null) {
+ CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is " +
+ "null!");
+ throw new EBaseException("mConfig is null");
}
// if there's no configuration for this policy put it there.
if (mConfig.size() == 0) {
- config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
- config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
- config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
- config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
- config.putString(mNameDot + PROP_CPS_URI, "");
+ config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
+ config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
+ config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
+ config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
+ config.putString(mNameDot + PROP_CPS_URI, "");
mConfig = config.getSubStore(mName);
- if(mConfig == null || mConfig.size() == 0) {
- CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig " +
- "is null or empty!" );
- throw new EBaseException( "mConfig is null or empty" );
+ if (mConfig == null || mConfig.size() == 0) {
+ CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig " +
+ "is null or empty!");
+ throw new EBaseException("mConfig is null or empty");
}
}
@@ -376,28 +373,28 @@ class CertPolicy {
mCpsUri = mConfig.getString(PROP_CPS_URI, null);
// adjust for "" and console returning "null"
- if (mPolicyId != null &&
- (mPolicyId.length() == 0 ||
+ if (mPolicyId != null &&
+ (mPolicyId.length() == 0 ||
mPolicyId.equals("null"))) {
mPolicyId = null;
}
- if (mNoticeRefOrg != null &&
- (mNoticeRefOrg.length() == 0 ||
+ if (mNoticeRefOrg != null &&
+ (mNoticeRefOrg.length() == 0 ||
mNoticeRefOrg.equals("null"))) {
mNoticeRefOrg = null;
}
- if (mNoticeRefNums != null &&
- (mNoticeRefNums.length() == 0 ||
+ if (mNoticeRefNums != null &&
+ (mNoticeRefNums.length() == 0 ||
mNoticeRefNums.equals("null"))) {
mNoticeRefNums = null;
}
- if (mNoticeRefExplicitText != null &&
- (mNoticeRefExplicitText.length() == 0 ||
+ if (mNoticeRefExplicitText != null &&
+ (mNoticeRefExplicitText.length() == 0 ||
mNoticeRefExplicitText.equals("null"))) {
mNoticeRefExplicitText = null;
}
- if (mCpsUri != null &&
- (mCpsUri.length() == 0 ||
+ if (mCpsUri != null &&
+ (mCpsUri.length() == 0 ||
mCpsUri.equals("null"))) {
mCpsUri = null;
}
@@ -405,42 +402,43 @@ class CertPolicy {
// policy ids cannot be null if policy is enabled.
String msg = "value cannot be null.";
- if (mPolicyId == null && enabled)
+ if (mPolicyId == null && enabled)
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
mNameDot + PROP_POLICY_IDENTIFIER, msg));
msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'";
- if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
+ if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
mNameDot + PROP_NOTICE_REF_ORG, msg));
-
- // if a policy id is not null check that it is a valid OID.
+
+ // if a policy id is not null check that it is a valid OID.
ObjectIdentifier policyId = null;
- if (mPolicyId != null)
+ if (mPolicyId != null)
policyId = CMS.checkOID(
mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId);
-
- // if enabled, form CertificatePolicyInfo to be encoded in
- // extension. Policy ids should be all set.
+
+ // if enabled, form CertificatePolicyInfo to be encoded in
+ // extension. Policy ids should be all set.
if (enabled) {
- CMS.debug("CertPolicy: in CertPolicy");
+ CMS.debug("CertPolicy: in CertPolicy");
DisplayText displayText = null;
- if (mNoticeRefExplicitText != null &&
- !mNoticeRefExplicitText.equals(""))
+ if (mNoticeRefExplicitText != null &&
+ !mNoticeRefExplicitText.equals(""))
displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText);
- // new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
+ // new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
DisplayText orgName = null;
- if (mNoticeRefOrg != null &&
- !mNoticeRefOrg.equals(""))
+ if (mNoticeRefOrg != null &&
+ !mNoticeRefOrg.equals(""))
orgName =
new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
- // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
+ // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
- int[] nums = new int[0];;
- if (mNoticeRefNums != null &&
- !mNoticeRefNums.equals("")) {
+ int[] nums = new int[0];
+ ;
+ if (mNoticeRefNums != null &&
+ !mNoticeRefNums.equals("")) {
// should add a method to NoticeReference to take a
// Vector...but let's do this for now
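Review bot: The formatter turned `int[] nums = new int[0];;` into a declaration followed by a line holding only `;`, which is an empty statement and reads like a leftover; drop it so the line is just `int[] nums = new int[0];`. The two commented-out `new DisplayText(...)` lines kept in this hunk could be deleted at the same time. The unbraced `if (...) throw new EBaseException(...)` statements would also be less error-prone with braces. The constructor starts and ends outside the hunk.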
@@ -468,24 +466,23 @@ class CertPolicy {
try {
cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId));
} catch (Exception e) {
- throw new
- EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
+ throw new EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
}
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-
+
NoticeReference noticeReference = null;
-
+
if (orgName != null)
noticeReference = new NoticeReference(orgName, nums);
UserNotice userNotice = null;
if (displayText != null || noticeReference != null) {
- userNotice = new UserNotice (noticeReference, displayText);
-
+ userNotice = new UserNotice(noticeReference, displayText);
+
PolicyQualifierInfo policyQualifierInfo1 =
- new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
+ new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
policyQualifiers.add(policyQualifierInfo1);
}
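Review bot: The `catch (Exception e)` around `ObjectIdentifier.getObjectIdentifier(mPolicyId)` throws a new `EBaseException` built only from the user message, so the original parsing error is lost. An administrator sees which policy id failed but not why. Record the cause before rethrowing, for example `CMS.debug("CertPolicy: invalid policy id " + mPolicyId + ": " + e);`. The enclosing constructor starts and ends outside the hunk.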
@@ -493,25 +490,25 @@ class CertPolicy {
CPSuri cpsUri = null;
if (mCpsUri != null && mCpsUri.length() > 0) {
- cpsUri = new CPSuri (mCpsUri);
+ cpsUri = new CPSuri(mCpsUri);
PolicyQualifierInfo policyQualifierInfo2 =
- new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
-
+ new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
+
policyQualifiers.add(policyQualifierInfo2);
}
if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) &&
- (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
- (mCpsUri == null || mCpsUri.equals(""))) {
- CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
- CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
- CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+ (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
+ (mCpsUri == null || mCpsUri.equals(""))) {
+ CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+ CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+ CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId);
} else {
- CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
- CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
- CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+ CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+ CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+ CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
}
}
@@ -519,20 +516,19 @@ class CertPolicy {
protected void getInstanceParams(Vector<String> instanceParams) {
instanceParams.addElement(
- mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
- mPolicyId));
+ mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
+ mPolicyId));
instanceParams.addElement(
- mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
- mNoticeRefOrg));
+ mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
+ mNoticeRefOrg));
instanceParams.addElement(
- mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
- mNoticeRefNums));
+ mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
+ mNoticeRefNums));
instanceParams.addElement(
- mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
- mNoticeRefExplicitText));
+ mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
+ mNoticeRefExplicitText));
instanceParams.addElement(
- mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
- mCpsUri));
+ mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
+ mCpsUri));
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
index e3927502..174cdcf3 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Certificate Renewal Window Extension Policy
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class CertificateRenewalWindowExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_END_TIME = "relativeEndTime";
protected static final String PROP_BEGIN_TIME = "relativeBeginTime";
@@ -64,7 +63,7 @@ public class CertificateRenewalWindowExt extends APolicyRule
protected String mEndTime;
/**
- * Adds the Netscape comment in the end-entity certificates or
+ * Adds the Netscape comment in the end-entity certificates or
* CA certificates. The policy is set to be non-critical with the
* provided OID.
*/
@@ -75,11 +74,11 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Initializes this policy rule.
- *
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mCritical = config.getBoolean(PROP_CRITICAL, false);
mBeginTime = config.getString(PROP_BEGIN_TIME, null);
mEndTime = config.getString(PROP_END_TIME, null);
@@ -89,16 +88,16 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -128,8 +127,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
@@ -137,7 +136,7 @@ public class CertificateRenewalWindowExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(CertificateRenewalWindowExtension.class.getSimpleName());
-
+
} catch (IOException e) {
// this is the hack: for some reason, the key which is the name
// of the policy has been converted into the OID
@@ -154,22 +153,22 @@ public class CertificateRenewalWindowExt extends APolicyRule
if (mEndTime == null || mEndTime.equals("")) {
crwExt = new CertificateRenewalWindowExtension(
- mCritical,
+ mCritical,
getDateValue(now, mBeginTime),
null);
} else {
crwExt = new CertificateRenewalWindowExtension(
- mCritical,
+ mCritical,
getDateValue(now, mBeginTime),
getDateValue(now, mEndTime));
}
- extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(),
- crwExt);
+ extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(),
+ crwExt);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+ CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -179,13 +178,13 @@ public class CertificateRenewalWindowExt extends APolicyRule
long time;
if (s.endsWith("s")) {
- time = 1000 * Long.parseLong(s.substring(0,
+ time = 1000 * Long.parseLong(s.substring(0,
s.length() - 1));
} else if (s.endsWith("m")) {
- time = 60 * 1000 * Long.parseLong(s.substring(0,
+ time = 60 * 1000 * Long.parseLong(s.substring(0,
s.length() - 1));
} else if (s.endsWith("h")) {
- time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
+ time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
s.length() - 1));
} else if (s.endsWith("D")) {
time = 24 * 60 * 60 * 1000 * Long.parseLong(
@@ -206,9 +205,9 @@ public class CertificateRenewalWindowExt extends APolicyRule
PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificaterenewalwindow",
+ ";configuration-policyrules-certificaterenewalwindow",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds 'Certificate Renewal Window' extension. See manual"
+ ";Adds 'Certificate Renewal Window' extension. See manual"
};
return params;
@@ -217,10 +216,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -239,10 +238,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index 14ef4213..a4a5fde6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,31 +42,31 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Certificate Scope Of Use extension policy. This extension
* is defined in draft-thayes-cert-scope-00.txt
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class CertificateScopeOfUseExt extends APolicyRule implements
+public class CertificateScopeOfUseExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL =
- "critical";
+ "critical";
protected static final String PROP_ENTRY =
- "entry";
+ "entry";
protected static final String PROP_NAME =
- "name";
+ "name";
protected static final String PROP_NAME_TYPE =
- "name_type";
+ "name_type";
protected static final String PROP_PORT_NUMBER =
- "port_number";
+ "port_number";
public static final int MAX_ENTRY = 5;
@@ -82,11 +81,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
Vector<String> v = new Vector<String>();
v.addElement(PROP_CRITICAL +
- ";boolean; This extension may be either critical or non-critical.");
+ ";boolean; This extension may be either critical or non-critical.");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificatescopeofuse");
+ ";configuration-policyrules-certificatescopeofuse");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Certificate Scope of Use Extension.");
+ ";Adds Certificate Scope of Use Extension.");
for (int i = 0; i < MAX_ENTRY; i++) {
v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
@@ -99,17 +98,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
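Review bot: The reflowed Javadoc on `init` now runs the three sample config entries together on one line (`ca.Policy.rule.<ruleName>.implName=... ca.Policy.rule.<ruleName>.enable=true ...`), which reads as a single property. Wrapping the example in `<pre>` ... `</pre>` with the brackets escaped as `&lt;ruleName&gt;` would keep one entry per line and stop the formatter from joining them again. While here, the sample `implName=AuthInfoAccessExt` looks copied from another rule and probably should name this policy, and the `owner` parameter has no `@param`. The same joined-lines problem appears in the `GenericASN1Ext.init` Javadoc hunk (`@@ -181,17 +180,15 @@`).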
@@ -124,7 +121,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
//
for (int i = 0;; i++) {
// get port number (optional)
- String port = mConfig.getString(PROP_ENTRY +
+ String port = mConfig.getString(PROP_ENTRY +
Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
BigInt portNumber = null;
@@ -137,11 +134,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
+ String name_type = mConfig.getString(PROP_ENTRY +
+ Integer.toString(i) +
"_" + PROP_NAME_TYPE, null);
- String name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
+ String name = mConfig.getString(PROP_ENTRY +
+ Integer.toString(i) +
"_" + PROP_NAME, null);
if (name == null || name.equals(""))
@@ -157,7 +154,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
* If this policy is enabled, add the authority information
* access extension to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -169,7 +166,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -177,29 +174,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
// Find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// add access descriptions
Vector<CertificateScopeEntry> entries = getScopeEntries();
if (entries.size() == 0) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
@@ -212,29 +209,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
}
// Create the extension
- CertificateScopeOfUseExtension suExt = new
- CertificateScopeOfUseExtension(mConfig.getBoolean(
- PROP_CRITICAL, false), entries);
+ CertificateScopeOfUseExtension suExt = new
+ CertificateScopeOfUseExtension(mConfig.getBoolean(
+ PROP_CRITICAL, false), entries);
extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- "Configuration Info Error encountered: " +
- e.getMessage());
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ "Configuration Info Error encountered: " +
+ e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -244,15 +241,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "=" +
+ mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
}
@@ -260,50 +257,50 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
String name_type = null;
try {
- name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME_TYPE,
+ name_type = mConfig.getString(PROP_ENTRY +
+ Integer.toString(i) + "_" + PROP_NAME_TYPE,
null);
} catch (EBaseException e) {
}
if (name_type == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=" + name_type);
+ params.addElement(PROP_ENTRY +
+ Integer.toString(i) +
+ "_" + PROP_NAME_TYPE + "=" + name_type);
String name = null;
try {
- name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME,
+ name = mConfig.getString(PROP_ENTRY +
+ Integer.toString(i) + "_" + PROP_NAME,
null);
} catch (EBaseException e) {
}
if (name == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME + "=" + name);
+ params.addElement(PROP_ENTRY +
+ Integer.toString(i) +
+ "_" + PROP_NAME + "=" + name);
String port = null;
try {
- port = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_PORT_NUMBER,
+ port = mConfig.getString(PROP_ENTRY +
+ Integer.toString(i) + "_" + PROP_PORT_NUMBER,
"");
} catch (EBaseException e) {
}
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=" + port);
+ params.addElement(PROP_ENTRY +
+ Integer.toString(i) +
+ "_" + PROP_PORT_NUMBER + "=" + port);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -314,14 +311,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_ENTRY; i++) {
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+ "_" + PROP_NAME_TYPE + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+ "_" + PROP_NAME + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+ "_" + PROP_PORT_NUMBER + "=");
}
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
index 94d7d8df..2684d02c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This implements the extended key usage extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class ExtendedKeyUsageExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_CRITICAL = "critical";
protected static final String PROP_PURPOSE_ID = "id";
protected static final String PROP_NUM_IDS = "numIds";
@@ -63,7 +62,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
private Vector<ObjectIdentifier> mUsages = null;
private String[] mParams = null;
-
+
// PKIX specifies the that the extension SHOULD NOT be critical
public static final boolean DEFAULT_CRITICALITY = false;
@@ -81,7 +80,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
setExtendedPluginInfo();
setupParams();
@@ -99,7 +98,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -119,15 +118,15 @@ public class ExtendedKeyUsageExt extends APolicyRule
try {
// find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
@@ -143,17 +142,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
}
}
-
+
/**
* Returns instance specific parameters.
*/
@@ -172,16 +171,16 @@ public class ExtendedKeyUsageExt extends APolicyRule
for (int i = 0; i < numIds; i++) {
if (mUsages.size() <= i) {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=");
+ params.addElement(PROP_PURPOSE_ID +
+ Integer.toString(i) + "=");
} else {
usage = ((ObjectIdentifier) mUsages.elementAt(i)).toString();
if (usage == null) {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=");
+ params.addElement(PROP_PURPOSE_ID +
+ Integer.toString(i) + "=");
} else {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=" + usage);
+ params.addElement(PROP_PURPOSE_ID +
+ Integer.toString(i) + "=" + usage);
}
}
}
@@ -200,17 +199,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
for (int i = 0; i < mNum; i++) {
v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" +
- "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
+ "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
}
v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs.");
v.addElement(PROP_CRITICAL +
- ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
+ ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-extendedkeyusage");
+ ";configuration-policyrules-extendedkeyusage");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
- "(4.2.1.13)");
+ ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
+ "(4.2.1.13)");
mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
@@ -221,7 +220,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
return mParams;
}
-
+
/**
* Returns default parameters.
*/
@@ -235,30 +234,32 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
return defParams;
}
-
+
/**
* Setups parameters.
*/
private void setupParams() throws EBaseException {
-
+
mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
if (mUsages == null) {
mUsages = new Vector<ObjectIdentifier>();
}
-
+
int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
for (int i = 0; i < mNum; i++) {
ObjectIdentifier usageOID = null;
-
- String usage = mConfig.getString(PROP_PURPOSE_ID +
+
+ String usage = mConfig.getString(PROP_PURPOSE_ID +
Integer.toString(i), null);
try {
-
- if (usage == null) break;
+
+ if (usage == null)
+ break;
usage = usage.trim();
- if (usage.equals("")) break;
+ if (usage.equals(""))
+ break;
if (usage.equalsIgnoreCase("ocspsigning")) {
usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
} else if (usage.equalsIgnoreCase("codesigning")) {
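Review bot: The two guards in `setupParams` are now split across lines without braces (`if (usage == null)` / `break;`), so a later edit can add a statement that looks guarded but is not. Prefer `if (usage == null) { break; }` and the same for the `usage.equals("")` check. These `break`s also end the loop at the first missing or blank `id<i>` entry, so any purpose IDs configured after a gap are silently left out of `mUsages`; a comment stating that this is intended would help whoever audits the resulting extension. The loop body continues outside this hunk.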
@@ -268,10 +269,10 @@ public class ExtendedKeyUsageExt extends APolicyRule
usageOID = ObjectIdentifier.getObjectIdentifier(usage);
}
} catch (IOException ex) {
- throw new EBaseException(this.getClass().getName() + ":" +
+ throw new EBaseException(this.getClass().getName() + ":" +
ex.getMessage());
} catch (NumberFormatException ex) {
- throw new EBaseException(this.getClass().getName() + ":" +
+ throw new EBaseException(this.getClass().getName() + ":" +
"OID '" + usage + "' format error");
}
mUsages.addElement(usageOID);
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
index bdfdb14a..8305317e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -46,12 +45,11 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Private Integer extension policy.
* If this policy is enabled, it adds an Private Integer
* extension to the certificate.
- *
+ *
* The following listed sample configuration parameters:
*
* ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt
@@ -78,51 +76,52 @@ import com.netscape.cms.policy.APolicyRule;
* ca.Policy.rule.genericASNExt.implName=genericASNExt
* ca.Policy.rule.genericASNExt.predicate=
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class GenericASN1Ext extends APolicyRule implements
+public class GenericASN1Ext extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
protected static final int MAX_ATTR = 10;
protected static final String PROP_CRITICAL =
- "critical";
+ "critical";
protected static final String PROP_NAME =
- "name";
+ "name";
protected static final String PROP_OID =
- "oid";
+ "oid";
protected static final String PROP_PATTERN =
- "pattern";
+ "pattern";
protected static final String PROP_ATTRIBUTE =
- "attribute";
+ "attribute";
protected static final String PROP_TYPE =
- "type";
+ "type";
protected static final String PROP_SOURCE =
- "source";
+ "source";
protected static final String PROP_VALUE =
- "value";
+ "value";
protected static final String PROP_PREDICATE =
- "predicate";
+ "predicate";
protected static final String PROP_ENABLE =
- "enable";
+ "enable";
public IConfigStore mConfig = null;
private String pattern = null;
-
+
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"enable" + ";boolean;Enable this policy",
"predicate" + ";string;",
PROP_CRITICAL + ";boolean;",
- PROP_NAME + ";string;Name for this extension.",
- PROP_OID + ";string;OID number for this extension. It should be unique.",
+ PROP_NAME + ";string;Name for this extension.",
+ PROP_OID + ";string;OID number for this extension. It should be unique.",
PROP_PATTERN + ";string;Pattern for extension; {012}34",
// Attribute 0
PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
@@ -165,14 +164,14 @@ public class GenericASN1Ext extends APolicyRule implements
PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-genericasn1ext",
+ ";configuration-policyrules-genericasn1ext",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds Private extension based on ASN1. See manual"
+ ";Adds Private extension based on ASN1. See manual"
};
return s;
}
-
+
public GenericASN1Ext() {
NAME = "GenericASN1Ext";
DESC = "Sets Generic extension for certificates";
@@ -181,17 +180,15 @@ public class GenericASN1Ext extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=genericASNExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=genericASNExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
if (mConfig == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
@@ -202,32 +199,32 @@ public class GenericASN1Ext extends APolicyRule implements
if (enable == false)
return;
-
+
String oid = mConfig.getString(PROP_OID, null);
if ((oid == null) || (oid.length() == 0)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
return;
}
-
+
String name = mConfig.getString(PROP_NAME, null);
if ((name == null) || (name.length() == 0)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
return;
}
-
+
try {
if (File.separatorChar == '\\') {
pattern = mConfig.getString(PROP_PATTERN, null);
checkFilename(0);
- }
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
}
-
+
// Check OID value
CMS.checkOID(name, oid);
pattern = mConfig.getString(PROP_PATTERN, null);
@@ -241,14 +238,14 @@ public class GenericASN1Ext extends APolicyRule implements
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
}
-
+
}
// Check filename
- private int checkFilename(int index)
- throws IOException, EBaseException {
+ private int checkFilename(int index)
+ throws IOException, EBaseException {
String source = null;
-
+
while (index < pattern.length()) {
char ch = pattern.charAt(index);
@@ -262,28 +259,28 @@ public class GenericASN1Ext extends APolicyRule implements
return index;
default:
- source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
+ source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
if ((source != null) && (source.equalsIgnoreCase("file"))) {
- String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
+ String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
String nValue = oValue.replace('\\', '/');
- mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
+ mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
FileInputStream fis = new FileInputStream(nValue);
fis.close();
- }
+ }
}
index++;
- }
+ }
return index;
}
// Check oid
- private int checkOID(int index)
- throws EBaseException {
+ private int checkOID(int index)
+ throws EBaseException {
String type = null;
String oid = null;
-
+
while (index < pattern.length()) {
char ch = pattern.charAt(index);
@@ -297,23 +294,23 @@ public class GenericASN1Ext extends APolicyRule implements
return index;
default:
- type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
+ type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
if ((type != null) && (type.equalsIgnoreCase("OID"))) {
- oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
+ oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
CMS.checkOID(oid, oid);
- }
+ }
}
index++;
- }
+ }
return index;
}
-
+
/**
* If this policy is enabled, add the private Integer
* information extension to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -321,9 +318,9 @@ public class GenericASN1Ext extends APolicyRule implements
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo certInfo;
X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -343,7 +340,7 @@ public class GenericASN1Ext extends APolicyRule implements
if (extensions == null) {
// create extension if not exist
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
@@ -358,35 +355,35 @@ public class GenericASN1Ext extends APolicyRule implements
// Create the extension
GenericASN1Extension priExt = mkExtension();
-
+
extensions.set(priExt.getName(), priExt);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Pattern parsing error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Pattern parsing error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Unknown Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Unknown Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -397,7 +394,7 @@ public class GenericASN1Ext extends APolicyRule implements
* Construct GenericASN1Extension with value from CMS.cfg
*/
protected GenericASN1Extension mkExtension()
- throws IOException, EBaseException, ParseException {
+ throws IOException, EBaseException, ParseException {
GenericASN1Extension ext;
Hashtable<String, String> h = new Hashtable<String, String>();
@@ -413,21 +410,21 @@ public class GenericASN1Ext extends APolicyRule implements
String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-
+
h.put(proptype, mConfig.getString(proptype, null));
h.put(propsource, mConfig.getString(propsource, null));
h.put(propvalue, mConfig.getString(propvalue, null));
}
ext = new GenericASN1Extension(h);
return ext;
- }
-
+ }
+
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
int idx = 0;
Vector<String> params = new Vector<String>();
@@ -436,7 +433,7 @@ public class GenericASN1Ext extends APolicyRule implements
params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null));
params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null));
params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null));
-
+
for (idx = 0; idx < MAX_ATTR; idx++) {
String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
@@ -447,7 +444,8 @@ public class GenericASN1Ext extends APolicyRule implements
params.addElement(propvalue + "=" + mConfig.getString(propvalue, null));
}
params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null));
- } catch (EBaseException e) {;
+ } catch (EBaseException e) {
+ ;
}
return params;
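Review bot: The catch block in `getInstanceParams` now holds a lone `;` on its own line, so an `EBaseException` from any of the `mConfig.getString` calls is still dropped and the method returns a partially filled vector with no trace. Remove the empty statement and record the failure the way `init` in this class does, e.g. `log(ILogger.LL_FAILURE, "" + e.toString());`. The `try` and the method's opening lines are outside this hunk.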
@@ -455,26 +453,25 @@ public class GenericASN1Ext extends APolicyRule implements
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
int idx = 0;
-
+
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_CRITICAL + "=false");
defParams.addElement(PROP_NAME + "=");
defParams.addElement(PROP_OID + "=");
defParams.addElement(PROP_PATTERN + "=");
-
+
for (idx = 0; idx < MAX_ATTR; idx++) {
defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "=");
defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "=");
defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "=");
}
-
+
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
index 9524f689..4124b7be 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -41,23 +40,23 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Issuer Alt Name Extension policy.
*
- * This extension is used to associate Internet-style identities
- * with the Certificate issuer.
+ * This extension is used to associate Internet-style identities
+ * with the Certificate issuer.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class IssuerAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_CRITICAL = "critical";
// PKIX specifies the that the extension SHOULD NOT be critical
@@ -69,15 +68,15 @@ public class IssuerAltNameExt extends APolicyRule
static {
defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY);
CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams);
-
+
Vector<String> info = new Vector<String>();
info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-issueraltname");
+ ";configuration-policyrules-issueraltname");
info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Issuer Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
+ ";This policy inserts the Issuer Alternative Name " +
+ "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info);
@@ -102,10 +101,11 @@ public class IssuerAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// get criticality
@@ -120,43 +120,43 @@ public class IssuerAltNameExt extends APolicyRule
// form extension
try {
- if (mEnabled &&
- mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
- mExtension =
+ if (mEnabled &&
+ mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
+ mExtension =
new IssuerAlternativeNameExtension(
- Boolean.valueOf(mCritical), mGNs.getGeneralNames());
+ Boolean.valueOf(mCritical), mGNs.getGeneralNames());
}
} catch (Exception e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
}
// init instance params
- mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+ mParams.addElement(PROP_CRITICAL + "=" + mCritical);
mGNs.getInstanceParams(mParams);
return;
}
/**
- * Adds a extension if none exists.
- *
- * @param req The request on which to apply policy.
+ * Adds a extension if none exists.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
- if (mEnabled == false || mExtension == null)
+ if (mEnabled == false || mExtension == null)
return res;
- // get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // get cert info.
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -188,7 +188,7 @@ public class IssuerAltNameExt extends APolicyRule
extensions = new CertificateExtensions();
try {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
// not possible
@@ -214,10 +214,10 @@ public class IssuerAltNameExt extends APolicyRule
try {
extensions.set(IssuerAlternativeNameExtension.class.getSimpleName(), mExtension);
} catch (Exception e) {
- if (e instanceof RuntimeException)
+ if (e instanceof RuntimeException)
throw (RuntimeException) e;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
return PolicyResult.REJECTED;
}
@@ -226,21 +226,21 @@ public class IssuerAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return Empty Vector since this policy has no configuration parameters.
- * for this policy instance.
+ * for this policy instance.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mParams;
}
/**
* Return default parameters for a policy implementation.
- *
- * @return Empty Vector since this policy implementation has no
- * configuration parameters.
+ *
+ * @return Empty Vector since this policy implementation has no
+ * configuration parameters.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return defaultParams;
}
@@ -249,4 +249,3 @@ public class IssuerAltNameExt extends APolicyRule
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
index 4e9ef825..3f4e029a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -44,25 +43,25 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Policy to add Key Usage Extension.
* Adds the key usage extension based on what's requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class KeyUsageExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private final static String HTTP_INPUT = "HTTP_INPUT";
- protected static final boolean[] DEF_BITS =
- new boolean[KeyUsageExtension.NBITS];
+ protected static final boolean[] DEF_BITS =
+ new boolean[KeyUsageExtension.NBITS];
protected int mCAPathLen = -1;
protected IConfigStore mConfig = null;
protected static final String PROP_CRITICAL = "critical";
@@ -97,25 +96,23 @@ public class KeyUsageExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=KeyUsageExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=KeyUsageExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
"Cannot find the Certificate Manager or Registration Manager"));
}
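Review bot: The Javadoc reflow in init() joined the three sample configuration entries into one line, starting `ca.Policy.rule.<ruleName>.implName=KeyUsageExt ca.Policy.rule.<ruleName>.enable=true`, so they no longer read as separate settings. The last entry, `ca.Policy.rule.<ruleName>.`, was already incomplete before the change. Putting the entries inside a `<PRE>` block, one per line and with the placeholder written as `&lt;ruleName&gt;`, would protect them from being merged, as the class comment's `<PRE>` note was left intact by the same reformat, and would keep the placeholder visible in generated HTML. The same merge happens in the init() Javadoc of NSCCommentExt and of NSCertTypeExt further down. The body of init() continues past this hunk.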
@@ -146,29 +143,29 @@ public class KeyUsageExt extends APolicyRule
/**
* Adds the key usage extension if not set already.
- * (CRMF, agent, authentication (currently) or PKCS#10 (future)
- * or RA could have set the extension.)
- * If not set, set from http input parameters or use default if
+ * (CRMF, agent, authentication (currently) or PKCS#10 (future)
+ * or RA could have set the extension.)
+ * If not set, set from http input parameters or use default if
* no http input parameters are set.
*
- * Note: this allows any bits requested - does not check if user
- * authenticated is allowed to have a Key Usage Extension with
- * those bits. Unless the CA's certificate path length is 0, then
+ * Note: this allows any bits requested - does not check if user
+ * authenticated is allowed to have a Key Usage Extension with
+ * those bits. Unless the CA's certificate path length is 0, then
* we do not allow CA sign or CRL sign bits in any request.
*
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -184,7 +181,7 @@ public class KeyUsageExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
KeyUsageExtension ext = null;
if (extensions != null) {
@@ -203,11 +200,11 @@ public class KeyUsageExt extends APolicyRule
if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT &&
bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) ||
- (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
+ (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
- NAME);
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+ NAME);
return PolicyResult.REJECTED;
}
}
@@ -216,8 +213,8 @@ public class KeyUsageExt extends APolicyRule
} else {
// create extensions set if none.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -225,41 +222,41 @@ public class KeyUsageExt extends APolicyRule
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
- bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
- mDigitalSignature, req);
- bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
+ bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
+ mDigitalSignature, req);
+ bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
mNonRepudiation, req);
- bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
+ bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
mKeyEncipherment, req);
- bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
+ bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
mDataEncipherment, req);
- bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
- mKeyAgreement, req);
- bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
+ bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
+ mKeyAgreement, req);
+ bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
mKeyCertsign, req);
bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req);
bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only",
mEncipherOnly, req);
- bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
+ bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
mDecipherOnly, req);
-
+
// don't allow no bits set or the extension does not
// encode/decode properlly.
boolean bitset = false;
for (int i = 0; i < bits.length; i++) {
if (bits[i]) {
- bitset = true;
+ bitset = true;
break;
}
}
if (!bitset) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
- NAME);
+ NAME);
return PolicyResult.REJECTED;
}
-
+
// create the extension.
try {
mKeyUsage = new KeyUsageExtension(mCritical, bits);
@@ -269,23 +266,23 @@ public class KeyUsageExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -328,21 +325,21 @@ public class KeyUsageExt extends APolicyRule
PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-keyusage",
+ ";configuration-policyrules-keyusage",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
+ ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
- };
+ };
return params;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
@@ -355,4 +352,3 @@ public class KeyUsageExt extends APolicyRule
return Boolean.valueOf(choice).booleanValue();
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
index 019e3e08..e3cb7ddc 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Netscape comment
* Adds Netscape comment policy
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class NSCCommentExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText";
protected static final String PROP_COMMENT_FILE = "commentFile";
@@ -68,17 +67,17 @@ public class NSCCommentExt extends APolicyRule
protected static final String TEXT = "Text";
protected static final String FILE = "File";
- protected String mUserNoticeDisplayText;
- protected String mCommentFile;
- protected String mInputType;
+ protected String mUserNoticeDisplayText;
+ protected String mCommentFile;
+ protected String mInputType;
protected boolean mCritical;
private Vector<String> mParams = new Vector<String>();
- protected String tempCommentFile;
+ protected String tempCommentFile;
protected boolean certApplied = false;
/**
- * Adds the Netscape comment in the end-entity certificates or
+ * Adds the Netscape comment in the end-entity certificates or
* CA certificates. The policy is set to be non-critical with the
* provided OID.
*/
@@ -91,16 +90,13 @@ public class NSCCommentExt extends APolicyRule
* Initializes this policy rule.
* <p>
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
- * ca.Policy.rule.<ruleName>.displayText=<n>
- * ca.Policy.rule.<ruleName>.commentFile=<n>
- * ca.Policy.rule.<ruleName>.enable=false
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl ca.Policy.rule.<ruleName>.displayText=<n> ca.Policy.rule.<ruleName>.commentFile=<n> ca.Policy.rule.<ruleName>.enable=false
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
FileInputStream fileStream = null;
@@ -138,11 +134,11 @@ public class NSCCommentExt extends APolicyRule
mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile);
} catch (FileNotFoundException e) {
- Object[] params = {getInstanceName(), "File not found : " + tempCommentFile};
+ Object[] params = { getInstanceName(), "File not found : " + tempCommentFile };
throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
} catch (Exception e) {
- Object[] params = {getInstanceName(), e.getMessage()};
+ Object[] params = { getInstanceName(), e.getMessage() };
throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
}
@@ -151,16 +147,16 @@ public class NSCCommentExt extends APolicyRule
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -191,8 +187,8 @@ public class NSCCommentExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
@@ -200,7 +196,7 @@ public class NSCCommentExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(NSCCommentExtension.class.getSimpleName());
-
+
} catch (IOException e) {
// this is the hack: for some reason, the key which is the name
// of the policy has been converted into the OID
@@ -225,9 +221,9 @@ public class NSCCommentExt extends APolicyRule
fis.close();
} catch (IOException e) {
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, " Comment Text file not found : " + mCommentFile);
+ NAME, " Comment Text file not found : " + mCommentFile);
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
+ CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
return PolicyResult.REJECTED;
}
@@ -235,20 +231,20 @@ public class NSCCommentExt extends APolicyRule
}
certApplied = true;
-
+
DisplayText displayText =
- new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
+ new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
try {
- NSCCommentExtension cpExt =
- new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
+ NSCCommentExtension cpExt =
+ new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
extensions.set(NSCCommentExtension.class.getSimpleName(), cpExt);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+ CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -258,16 +254,16 @@ public class NSCCommentExt extends APolicyRule
String[] params = {
PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " +
- "would be entered in the displayText field or come from " +
- "a file.",
+ "would be entered in the displayText field or come from " +
+ "a file.",
PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " +
- "displayed to the user when the certificate is viewed.",
+ "displayed to the user when the certificate is viewed.",
PROP_COMMENT_FILE + ";string; If data source is 'File', specify " +
- "the file name with full path.",
+ "the file name with full path.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nsccomment",
+ ";configuration-policyrules-nsccomment",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds 'netscape comment' extension. See manual"
+ ";Adds 'netscape comment' extension. See manual"
};
return params;
@@ -276,19 +272,19 @@ public class NSCCommentExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
index 88c57d2e..a0db6c04 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -46,30 +45,30 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* NS Cert Type policy.
* Adds the ns cert type extension depending on cert type requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class NSCertTypeExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
protected static final boolean DEF_SET_DEFAULT_BITS = true;
- protected static final String DEF_SET_DEFAULT_BITS_VAL =
- Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
+ protected static final String DEF_SET_DEFAULT_BITS_VAL =
+ Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
protected static final int DEF_PATHLEN = -1;
- protected static final boolean[] DEF_BITS =
- new boolean[NSCertTypeExtension.NBITS];
+ protected static final boolean[] DEF_BITS =
+ new boolean[NSCertTypeExtension.NBITS];
// XXX for future use. currenlty always allow.
protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
@@ -112,16 +111,15 @@ public class NSCertTypeExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX future use.
@@ -130,7 +128,7 @@ public class NSCertTypeExt extends APolicyRule
mCritical = config.getBoolean(PROP_CRITICAL, false);
ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ((IPolicyProcessor) owner).getAuthority();
if (certAuthority instanceof ICertificateAuthority) {
CertificateChain caChain = certAuthority.getCACertChain();
@@ -141,7 +139,7 @@ public class NSCertTypeExt extends APolicyRule
// CA reject if it does not allow any subordinate CA certs.
if (caChain != null) {
caCert = caChain.getFirstCertificate();
- if (caCert != null)
+ if (caCert != null)
mCAPathLen = caCert.getBasicConstraints();
}
}
@@ -155,21 +153,21 @@ public class NSCertTypeExt extends APolicyRule
* reads ns cert type choices from form. If no choices from form
* will defaults to all.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -184,10 +182,10 @@ public class NSCertTypeExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType =
+ req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
NSCertTypeExtension nsCertTypeExt = null;
if (extensions != null) {
@@ -201,13 +199,13 @@ public class NSCertTypeExt extends APolicyRule
}
// XXX agent servlet currently sets this. it should be
// delayed to here.
- if (nsCertTypeExt != null &&
- extensionIsGood(nsCertTypeExt, req)) {
+ if (nsCertTypeExt != null &&
+ extensionIsGood(nsCertTypeExt, req)) {
CMS.debug(
- "NSCertTypeExt: already has correct ns cert type ext");
+ "NSCertTypeExt: already has correct ns cert type ext");
return PolicyResult.ACCEPTED;
- } else if ((nsCertTypeExt != null) &&
- (certType.equals("ocspResponder"))) {
+ } else if ((nsCertTypeExt != null) &&
+ (certType.equals("ocspResponder"))) {
// Fix for #528732 : Always delete
// this extension from OCSP signing cert
extensions.delete(NSCertTypeExtension.class.getSimpleName());
@@ -216,12 +214,12 @@ public class NSCertTypeExt extends APolicyRule
} else {
// create extensions set if none.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
CMS.debug(
- "NSCertTypeExt: Created extensions for adding ns cert type..");
+ "NSCertTypeExt: Created extensions for adding ns cert type..");
}
}
// add ns cert type extension if not set or not set correctly.
@@ -230,12 +228,12 @@ public class NSCertTypeExt extends APolicyRule
bits = getBitsFromRequest(req, mSetDefaultBits);
// check if ca doesn't allow any subordinate ca
- if (mCAPathLen == 0 && bits != null) {
- if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
- bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
- bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
+ if (mCAPathLen == 0 && bits != null) {
+ if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
+ bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
+ bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
return PolicyResult.REJECTED;
}
}
@@ -249,11 +247,12 @@ public class NSCertTypeExt extends APolicyRule
int j;
for (j = 0; bits != null && j < bits.length; j++)
- if (bits[j]) break;
+ if (bits[j])
+ break;
if (bits == null || j == bits.length) {
if (!mSetDefaultBits) {
CMS.debug(
- "NSCertTypeExt: no bits requested, not setting default.");
+ "NSCertTypeExt: no bits requested, not setting default.");
return PolicyResult.ACCEPTED;
} else
bits = DEF_BITS;
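Review bot: The scan loop `for (j = 0; bits != null && j < bits.length; j++)` and the `if (bits[j])` that is now split over two lines are both still unbraced, as is the trailing `else bits = DEF_BITS;`, so the reformatted code relies on indentation alone to show nesting. Bracing the loop body and writing `if (bits[j]) { break; }` would make the early exit unambiguous. Separately, `DEF_BITS` is declared as a shared static array, so assigning it to `bits` is safe only if nothing later writes through `bits`; that cannot be confirmed from this hunk. applyCert starts and ends outside the hunk.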
@@ -264,26 +263,26 @@ public class NSCertTypeExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
- * check if ns cert type extension is set correctly,
- * correct bits if not.
+ * check if ns cert type extension is set correctly,
+ * correct bits if not.
* if not authorized to set extension, bits will be replaced.
*/
protected boolean extensionIsGood(
- NSCertTypeExtension nsCertTypeExt, IRequest req)
- throws IOException, CertificateException {
+ NSCertTypeExtension nsCertTypeExt, IRequest req)
+ throws IOException, CertificateException {
// always return false for now to make sure minimum is set.
// agents and ee can add others.
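Review bot: The `IOException` branch passes the raw `e.getMessage()` into `setError`, while the `CertificateException` branch directly below uses the fixed string `"Certificate Info Error"`. If the text given to `setError` is shown to the requester (not visible here), the I/O branch should keep the detail in the `log(...)` call and pass a fixed string as well, e.g. `NAME, "I/O Error");`. The same pattern is in the `apply` catch blocks of NameConstraintsExt and OCSPNoCheckExt further down, where OCSPNoCheckExt passes `e.getMessage()` in both branches. The method these catch blocks belong to starts outside this hunk.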
@@ -295,7 +294,7 @@ public class NSCertTypeExt extends APolicyRule
// don't know where this came from.
// set all bits to false to reset.
CMS.debug(
- "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
+ "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
boolean[] bits = new boolean[8];
for (int i = bits.length - 1; i >= 0; i--) {
@@ -316,36 +315,36 @@ public class NSCertTypeExt extends APolicyRule
}
if (certType.equals(IRequest.CA_CERT)) {
if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
+ !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
+ !nsCertTypeExt.isSet(
+ NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
// min not set so set all.
CMS.debug(
- "NSCertTypeExt: is extension good: no ca bits set. set all");
+ "NSCertTypeExt: is extension good: no ca bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
- Boolean.valueOf(true));
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
}
return true;
} else if (certType.equals(IRequest.CLIENT_CERT)) {
if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
+ !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
+ !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
+ !nsCertTypeExt.isSet(
+ NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
// min not set so set all.
CMS.debug(
- "NSCertTypeExt: is extension good: no cl bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
- new Boolean(true));
+ "NSCertTypeExt: is extension good: no cl bits set. set all");
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
+ new Boolean(true));
nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
- new Boolean(true));
+ new Boolean(true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
- new Boolean(true));
+ new Boolean(true));
}
return true;
} else if (certType.equals(IRequest.SERVER_CERT)) {
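Review bot: The `CLIENT_CERT` branch returns true without looking at `SSL_CA_BIT`, `EMAIL_CA_BIT` or `OBJECT_SIGNING_CA_BIT`, so nothing visible here removes CA bits from the extension of a client-certificate request. Unless that is done earlier in `extensionIsGood`, which starts outside this hunk, I would clear them explicitly in this branch, e.g. `nsCertTypeExt.set(NSCertTypeExtension.SSL_CA, Boolean.FALSE);` and likewise for `EMAIL_CA` and `OBJECT_SIGNING_CA`. Separately, this branch uses `new Boolean(true)` while the CA branch uses `Boolean.valueOf(true)`; `Boolean.TRUE` in both would be consistent and avoids the allocation.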
@@ -359,13 +358,13 @@ public class NSCertTypeExt extends APolicyRule
/**
* Gets ns cert type bits from request.
- * If none set, use cert type to determine correct bits.
- * If no cert type, use default.
- */
+ * If none set, use cert type to determine correct bits.
+ * If no cert type, use default.
+ */
protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
boolean[] bits = null;
-
+
CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
bits = getNSCertTypeBits(req);
if (bits == null && setDefault) {
@@ -440,14 +439,14 @@ public class NSCertTypeExt extends APolicyRule
*/
protected boolean[] getCertTypeBits(IRequest req) {
String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
- if (certType == null || certType.length() == 0)
+ if (certType == null || certType.length() == 0)
return null;
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
- for (int i = bits.length - 1; i >= 0; i--)
+ for (int i = bits.length - 1; i >= 0; i--)
bits[i] = false;
if (certType.equals(IRequest.CLIENT_CERT)) {
@@ -477,7 +476,7 @@ public class NSCertTypeExt extends APolicyRule
}
/**
- * merge bits with those set from form.
+ * merge bits with those set from form.
* make sure required minimum is set. Agent or auth can set others.
* XXX form shouldn't set the extension
*/
@@ -492,10 +491,10 @@ public class NSCertTypeExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -507,22 +506,22 @@ public class NSCertTypeExt extends APolicyRule
private static Vector<String> mDefParams = new Vector<String>();
static {
mDefParams.addElement(
- PROP_CRITICAL + "=false");
+ PROP_CRITICAL + "=false");
mDefParams.addElement(
- PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
+ PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
- "type extension with default bits ('ssl client' and 'email') in certificates " +
- "specified by the predicate " +
- "expression.",
+ "type extension with default bits ('ssl client' and 'email') in certificates " +
+ "specified by the predicate " +
+ "expression.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nscerttype",
+ ";configuration-policyrules-nscerttype",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds Netscape Certificate Type extension."
+ ";Adds Netscape Certificate Type extension."
};
return params;
@@ -530,11 +529,10 @@ public class NSCertTypeExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
index 8b8001bb..4fd38077 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,22 +42,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Name Constraints Extension Policy
- * Adds the name constraints extension to a (CA) certificate.
+ * Adds the name constraints extension to a (CA) certificate.
* Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class NameConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees";
protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees";
@@ -90,37 +89,35 @@ public class NameConstraintsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX should do do this ?
// if CA does not allow subordinate CAs by way of basic constraints,
// this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor)owner).getAuthority();
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((IPolicyProcessor)owner).getAuthority();
+ * if (certAuthority instanceof ICertificateAuthority) {
+ * CertificateChain caChain = certAuthority.getCACertChain();
+ * X509Certificate caCert = null;
+ * // Note that in RA the chain could be null if CA was not up when
+ * // RA was started. In that case just set the length to -1 and let
+ * // CA reject if it does not allow any subordinate CA certs.
+ * if (caChain != null) {
+ * caCert = caChain.getFirstCertificate();
+ * if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints();
+ * }
+ * }
****/
mEnabled = mConfig.getBoolean(
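Review bot: The Javadoc of `init` lost its layout in this reformat: the three example entries (`predicate`, `implName`, `enable`) are now joined on one line, and `<ruleName>` is unescaped, so Javadoc will read it as an HTML tag. Putting the example inside a `<PRE>` block with one entry per line and writing `&lt;ruleName&gt;` keeps it readable; the class-level `<PRE>` blocks in this commit were left intact by the formatter. The Javadoc also has `@param config` but nothing for `owner`. The `init` Javadoc of PolicyConstraintsExt further down is collapsed in the same way. The body of `init` continues outside this hunk.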
@@ -133,25 +130,25 @@ public class NameConstraintsExt extends APolicyRule
if (mNumPermittedSubtrees < 0) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_PERMITTEDSUBTREES,
+ PROP_NUM_PERMITTEDSUBTREES,
"value must be greater than or equal to 0"));
}
if (mNumExcludedSubtrees < 0) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_EXCLUDEDSUBTREES,
+ PROP_NUM_EXCLUDEDSUBTREES,
"value must be greater than or equal to 0"));
}
// init permitted subtrees if any.
if (mNumPermittedSubtrees > 0) {
- mPermittedSubtrees =
+ mPermittedSubtrees =
form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees);
CMS.debug("NameConstraintsExt: formed permitted subtrees");
}
// init excluded subtrees if any.
if (mNumExcludedSubtrees > 0) {
- mExcludedSubtrees =
+ mExcludedSubtrees =
form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees);
CMS.debug("NameConstraintsExt: formed excluded subtrees");
}
@@ -163,13 +160,13 @@ public class NameConstraintsExt extends APolicyRule
for (int i = 0; i < mNumPermittedSubtrees; i++) {
permittedSubtrees.addElement(
- mPermittedSubtrees[i].mGeneralSubtree);
+ mPermittedSubtrees[i].mGeneralSubtree);
}
Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>();
for (int j = 0; j < mNumExcludedSubtrees; j++) {
excludedSubtrees.addElement(
- mExcludedSubtrees[j].mGeneralSubtree);
+ mExcludedSubtrees[j].mGeneralSubtree);
}
GeneralSubtrees psb = null;
@@ -181,44 +178,44 @@ public class NameConstraintsExt extends APolicyRule
if (excludedSubtrees.size() > 0) {
esb = new GeneralSubtrees(excludedSubtrees);
}
- mNameConstraintsExtension =
- new NameConstraintsExtension(mCritical,
- psb,
- esb);
+ mNameConstraintsExtension =
+ new NameConstraintsExtension(mCritical,
+ psb,
+ esb);
CMS.debug("NameConstraintsExt: formed Name Constraints Extension " +
- mNameConstraintsExtension);
+ mNameConstraintsExtension);
} catch (IOException e) {
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing Name Constraints Extension: " + e));
+ "Error initializing Name Constraints Extension: " + e));
}
}
// form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
+ PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
mInstanceParams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
+ PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
if (mNumPermittedSubtrees > 0) {
- for (int i = 0; i < mPermittedSubtrees.length; i++)
+ for (int i = 0; i < mPermittedSubtrees.length; i++)
mPermittedSubtrees[i].getInstanceParams(mInstanceParams);
}
if (mNumExcludedSubtrees > 0) {
- for (int j = 0; j < mExcludedSubtrees.length; j++)
+ for (int j = 0; j < mExcludedSubtrees.length; j++)
mExcludedSubtrees[j].getInstanceParams(mInstanceParams);
}
}
- Subtree[] form_subtrees(String subtreesName, int numSubtrees)
- throws EBaseException {
+ Subtree[] form_subtrees(String subtreesName, int numSubtrees)
+ throws EBaseException {
Subtree[] subtrees = new Subtree[numSubtrees];
for (int i = 0; i < numSubtrees; i++) {
String subtreeName = subtreesName + i;
IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName);
- Subtree subtree =
- new Subtree(subtreeName, subtreeConfig, mEnabled);
+ Subtree subtree =
+ new Subtree(subtreeName, subtreeConfig, mEnabled);
subtrees[i] = subtree;
}
@@ -228,10 +225,10 @@ public class NameConstraintsExt extends APolicyRule
/**
* Adds Name Constraints Extension to a (CA) certificate.
*
- * If a Name constraints Extension is already there, accept it if
+ * If a Name constraints Extension is already there, accept it if
* it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -244,12 +241,12 @@ public class NameConstraintsExt extends APolicyRule
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -269,7 +266,7 @@ public class NameConstraintsExt extends APolicyRule
try {
NameConstraintsExtension nameConstraintsExt = null;
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
@@ -283,65 +280,65 @@ public class NameConstraintsExt extends APolicyRule
if (nameConstraintsExt != null) {
if (agentApproved(req)) {
CMS.debug(
- "NameConstraintsExt: request id from agent " + req.getRequestId() +
- " already has name constraints - accepted");
+ "NameConstraintsExt: request id from agent " + req.getRequestId() +
+ " already has name constraints - accepted");
return PolicyResult.ACCEPTED;
} else {
CMS.debug(
- "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
- " already has name constraints - deleted");
+ "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
+ " already has name constraints - deleted");
extensions.delete(NameConstraintsExtension.class.getSimpleName());
}
}
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
extensions.set(
- NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
+ NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
CMS.debug(
- "NameConstraintsExt: added Name Constraints Extension to request " +
- req.getRequestId());
+ "NameConstraintsExt: added Name Constraints Extension to request " +
+ req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
+ * Default config parameters.
+ * To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params
* will show up in the console.
*/
private static Vector<String> mDefParams = new Vector<String>();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
mDefParams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
+ PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
mDefParams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
+ PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams);
}
@@ -352,10 +349,10 @@ public class NameConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
@@ -364,9 +361,9 @@ public class NameConstraintsExt extends APolicyRule
theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical.");
theparams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+ PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
theparams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+ PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
// now do the subtrees.
for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
@@ -376,9 +373,9 @@ public class NameConstraintsExt extends APolicyRule
Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams);
}
theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nameconstraints");
+ ";configuration-policyrules-nameconstraints");
theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Name Constraints Extension. See RFC 2459");
+ ";Adds Name Constraints Extension. See RFC 2459");
String[] info = new String[theparams.size()];
@@ -387,9 +384,8 @@ public class NameConstraintsExt extends APolicyRule
}
}
-
/**
- * subtree configuration
+ * subtree configuration
*/
class Subtree {
@@ -400,8 +396,7 @@ class Subtree {
protected static final int DEF_MIN = 0;
protected static final int DEF_MAX = -1; // -1 (less than 0) means not set.
- protected static final String
- MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
+ protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
String mName = null;
IConfigStore mConfig = null;
@@ -414,13 +409,13 @@ class Subtree {
String mNameDotMax = null;
public Subtree(
- String subtreeName, IConfigStore config, boolean policyEnabled)
- throws EBaseException {
+ String subtreeName, IConfigStore config, boolean policyEnabled)
+ throws EBaseException {
mName = subtreeName;
mConfig = config;
if (mName != null) {
- mNameDot = mName + ".";
+ mNameDot = mName + ".";
mNameDotMin = mNameDot + PROP_MIN;
mNameDotMax = mNameDot + PROP_MAX;
} else {
@@ -439,13 +434,14 @@ class Subtree {
// if policy enabled get values to form the general subtree.
mMin = mConfig.getInteger(PROP_MIN, DEF_MIN);
mMax = mConfig.getInteger(PROP_MAX, DEF_MAX);
- if (mMax < -1) mMax = -1;
+ if (mMax < -1)
+ mMax = -1;
mBase = CMS.createGeneralNameAsConstraintsConfig(
- mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
+ mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
true, policyEnabled);
if (policyEnabled) {
- mGeneralSubtree =
+ mGeneralSubtree =
new GeneralSubtree(mBase.getGeneralName(), mMin, mMax);
}
}
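Review bot: `mMax` is clamped to -1, but `mMin` is used exactly as read from the config, so a negative `PROP_MIN` reaches `new GeneralSubtree(mBase.getGeneralName(), mMin, mMax)` with no check in between. Whether `GeneralSubtree` rejects it is not visible here. I would fail at configuration time next to the `mMax` clamp, in the way `NameConstraintsExt.init` treats negative subtree counts: `if (mMin < 0)` followed by a throw of `EBaseException` built from `CMS_BASE_INVALID_ATTR_VALUE`. The constructor starts outside this hunk.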
@@ -476,4 +472,3 @@ class Subtree {
info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
index 9e36ae80..6056eb1b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -39,25 +38,25 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This implements an OCSP Signing policy, it
* adds the OCSP Signing extension to the certificate.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
public class OCSPNoCheckExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
-
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
+
public static final String PROP_CRITICAL = "critical";
private boolean mCritical = false;
-
+
// PKIX specifies the that the extension SHOULD NOT be critical
public static final boolean DEFAULT_CRITICALITY = false;
@@ -75,9 +74,9 @@ public class OCSPNoCheckExt extends APolicyRule
String[] params = {
PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-ocspnocheck",
+ ";configuration-policyrules-ocspnocheck",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds OCSP signing extension to certificate"
+ ";Adds OCSP signing extension to certificate"
};
return params;
@@ -88,9 +87,9 @@ public class OCSPNoCheckExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mOCSPNoCheck = new OCSPNoCheckExtension();
-
+
if (mOCSPNoCheck != null) {
// configure the extension itself
mCritical = config.getBoolean(PROP_CRITICAL,
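Review bot: The guard `if (mOCSPNoCheck != null)` directly after `mOCSPNoCheck = new OCSPNoCheckExtension();` can never be false, because `new` either returns an object or throws. Removing the guard and un-indenting its body makes it clear that the criticality is always read from `config`. The body of `init` continues outside this hunk.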
@@ -110,7 +109,7 @@ public class OCSPNoCheckExt extends APolicyRule
}
X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -131,15 +130,15 @@ public class OCSPNoCheckExt extends APolicyRule
// find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
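Review bot: In the `extensions == null` branch, `certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));` is called twice, once before and once after `extensions = new CertificateExtensions();`. The second call is redundant and can be dropped; the matching code in NameConstraintsExt and PolicyConstraintsExt sets the version once. The enclosing method starts and ends outside this hunk.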
@@ -157,16 +156,16 @@ public class OCSPNoCheckExt extends APolicyRule
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ e.getMessage());
return PolicyResult.REJECTED;
}
}
-
+
/**
* Returns instance parameters.
*/
@@ -175,9 +174,9 @@ public class OCSPNoCheckExt extends APolicyRule
params.addElement(PROP_CRITICAL + "=" + mCritical);
return params;
-
+
}
-
+
/**
* Returns default parameters.
*/
@@ -186,6 +185,6 @@ public class OCSPNoCheckExt extends APolicyRule
defParams.addElement(PROP_CRITICAL + "=false");
return defParams;
-
+
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
index 849036c7..cc44c2f1 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -40,31 +39,29 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Policy Constraints Extension Policy
- * Adds the policy constraints extension to (CA) certificates.
+ * Adds the policy constraints extension to (CA) certificates.
* Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class PolicyConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
- protected static final String
- PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
- protected static final String
- PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
+ protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
+ protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
protected static final boolean DEF_CRITICAL = false;
- protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
- protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
+ protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
+ protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
protected boolean mEnabled = false;
protected IConfigStore mConfig = null;
@@ -80,9 +77,9 @@ public class PolicyConstraintsExt extends APolicyRule
static {
mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
mDefaultParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
+ PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
mDefaultParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
+ PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
}
public PolicyConstraintsExt() {
@@ -93,37 +90,35 @@ public class PolicyConstraintsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX should do do this ?
// if CA does not allow subordinate CAs by way of basic constraints,
// this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((GenericPolicyProcessor)owner).mAuthority;
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((GenericPolicyProcessor)owner).mAuthority;
+ * if (certAuthority instanceof ICertificateAuthority) {
+ * CertificateChain caChain = certAuthority.getCACertChain();
+ * X509Certificate caCert = null;
+ * // Note that in RA the chain could be null if CA was not up when
+ * // RA was started. In that case just set the length to -1 and let
+ * // CA reject if it does not allow any subordinate CA certs.
+ * if (caChain != null) {
+ * caCert = caChain.getFirstCertificate();
+ * if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints();
+ * }
+ * }
****/
mEnabled = mConfig.getBoolean(
@@ -135,42 +130,42 @@ public class PolicyConstraintsExt extends APolicyRule
mInhibitPolicyMapping = mConfig.getInteger(
PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING);
- if (mReqExplicitPolicy < -1)
+ if (mReqExplicitPolicy < -1)
mReqExplicitPolicy = -1;
- if (mInhibitPolicyMapping < -1)
+ if (mInhibitPolicyMapping < -1)
mInhibitPolicyMapping = -1;
-
- // create instance of policy constraings extension
+
+ // create instance of policy constraings extension
try {
- mPolicyConstraintsExtension =
- new PolicyConstraintsExtension(mCritical,
- mReqExplicitPolicy, mInhibitPolicyMapping);
+ mPolicyConstraintsExtension =
+ new PolicyConstraintsExtension(mCritical,
+ mReqExplicitPolicy, mInhibitPolicyMapping);
CMS.debug(
- "PolicyConstraintsExt: Created Policy Constraints Extension: " +
- mPolicyConstraintsExtension);
+ "PolicyConstraintsExt: Created Policy Constraints Extension: " +
+ mPolicyConstraintsExtension);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
+ CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Could not init Policy Constraints Extension. Error: " + e));
+ "Could not init Policy Constraints Extension. Error: " + e));
}
// form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+ PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
mInstanceParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+ PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
}
/**
* Adds Policy Constraints Extension to a (CA) certificate.
*
- * If a Policy constraints Extension is already there, accept it if
+ * If a Policy constraints Extension is already there, accept it if
* it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
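Review bot: `init` builds the extension even when `mReqExplicitPolicy` and `mInhibitPolicyMapping` are both -1, which is the default for both and is commented as "not set" on the constants. How `PolicyConstraintsExtension` encodes that case is not visible here, but RFC 5280 section 4.2.1.11 does not permit an empty policy constraints sequence, so I would reject the combination before the `try`, with `if (mReqExplicitPolicy == -1 && mInhibitPolicyMapping == -1)` and an `EBaseException`. The comment above the `try` also reads `constraings` and should say `constraints`. `init` starts outside this hunk.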
@@ -181,12 +176,12 @@ public class PolicyConstraintsExt extends APolicyRule
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -206,7 +201,7 @@ public class PolicyConstraintsExt extends APolicyRule
try {
PolicyConstraintsExtension policyConstraintsExt = null;
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
@@ -227,55 +222,55 @@ public class PolicyConstraintsExt extends APolicyRule
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
extensions.set(
- "PolicyConstriantsExt", mPolicyConstraintsExtension);
+ "PolicyConstriantsExt", mPolicyConstraintsExtension);
CMS.debug("PolicyConstraintsExt: added our policy constraints extension");
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefaultParams;
}
/**
- * gets plugin info for pretty console edit displays.
+ * gets plugin info for pretty console edit displays.
*/
public String[] getExtendedPluginInfo(Locale locale) {
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+ PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
mInstanceParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+ PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
String[] params = {
PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
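Review bot: The extension is stored under the misspelled key `"PolicyConstriantsExt"` in `extensions.set(...)`, whereas the sibling PolicyMappingsExt uses `PolicyMappingsExtension.class.getSimpleName()`. If the lookup for an existing extension (outside this hunk) uses a different name, an extension already present on the certificate would not be found or replaced under the same key. Once the name used by that lookup is confirmed, I would write `extensions.set(PolicyConstraintsExtension.class.getSimpleName(), mPolicyConstraintsExtension);`. Separately, `getExtendedPluginInfo` appends three entries to `mInstanceParams` on every call, so the vector returned by `getInstanceParams()` grows with duplicates; those `addElement` calls look like they belong only in `init`.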
@@ -287,4 +282,3 @@ public class PolicyConstraintsExt extends APolicyRule
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
index 1d901d57..681656ea 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,22 +42,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Policy Mappings Extension Policy
- * Adds the Policy Mappings extension to a (CA) certificate.
+ * Adds the Policy Mappings extension to a (CA) certificate.
* Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class PolicyMappingsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings";
@@ -85,37 +84,35 @@ public class PolicyMappingsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX should do do this ?
// if CA does not allow subordinate CAs by way of basic constraints,
// this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor)owner).getAuthority();
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((IPolicyProcessor)owner).getAuthority();
+ * if (certAuthority instanceof ICertificateAuthority) {
+ * CertificateChain caChain = certAuthority.getCACertChain();
+ * X509Certificate caCert = null;
+ * // Note that in RA the chain could be null if CA was not up when
+ * // RA was started. In that case just set the length to -1 and let
+ * // CA reject if it does not allow any subordinate CA certs.
+ * if (caChain != null) {
+ * caCert = caChain.getFirstCertificate();
+ * if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints();
+ * }
+ * }
****/
mEnabled = mConfig.getBoolean(
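Review bot: The reformatted Javadoc for `init` joins the three sample configuration entries into one line (`ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ...`), so the example no longer reads as a config snippet. Putting the entries inside `<pre>` ... `</pre>`, one per line, and writing `&lt;ruleName&gt;` would keep the layout stable under the formatter and stop Javadoc treating `<ruleName>` as an HTML tag. The same joining happens in the SubjAltNameExt class and `init` Javadoc further down. The commented-out block that gained `*` prefixes in this hunk is dead code and could be deleted rather than reformatted. The body of `init` continues outside the hunk.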
@@ -140,7 +137,7 @@ public class PolicyMappingsExt extends APolicyRule
mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
+ CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
throw e;
}
}
@@ -152,21 +149,21 @@ public class PolicyMappingsExt extends APolicyRule
for (int j = 0; j < mNumPolicyMappings; j++) {
certPolicyMaps.addElement(
- mPolicyMaps[j].mCertificatePolicyMap);
+ mPolicyMaps[j].mCertificatePolicyMap);
}
- mPolicyMappingsExtension =
+ mPolicyMappingsExtension =
new PolicyMappingsExtension(mCritical, certPolicyMaps);
} catch (IOException e) {
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing " + NAME + " Error: " + e));
+ "Error initializing " + NAME + " Error: " + e));
}
}
// form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
+ PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
for (int i = 0; i < mNumPolicyMappings; i++) {
mPolicyMaps[i].getInstanceParams(mInstanceParams);
}
@@ -175,10 +172,10 @@ public class PolicyMappingsExt extends APolicyRule
/**
* Adds policy mappings Extension to a (CA) certificate.
*
- * If a policy mappings Extension is already there, accept it if
+ * If a policy mappings Extension is already there, accept it if
* it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -191,12 +188,12 @@ public class PolicyMappingsExt extends APolicyRule
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -215,7 +212,7 @@ public class PolicyMappingsExt extends APolicyRule
try {
PolicyMappingsExtension policyMappingsExt = null;
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
@@ -236,87 +233,87 @@ public class PolicyMappingsExt extends APolicyRule
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
extensions.set(
- PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
+ PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
+ * Default config parameters.
+ * To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params
* will show up in the console.
*/
private static Vector<String> mDefParams = new Vector<String>();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
mDefParams.addElement(
- PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
+ PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
String policyMap0Dot = PROP_POLICYMAP + "0.";
mDefParams.addElement(
- policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
+ policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
mDefParams.addElement(
- policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
+ policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
Vector<String> theparams = new Vector<String>();
-
+
theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1");
- String policyInfo =
- ";string;An object identifier in the form n.n.n.n";
+ String policyInfo =
+ ";string;An object identifier in the form n.n.n.n";
for (int k = 0; k < 5; k++) {
String policyMapkDot = PROP_POLICYMAP + k + ".";
theparams.addElement(policyMapkDot +
- PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
+ PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
theparams.addElement(policyMapkDot +
- PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
+ PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
}
theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-policymappings");
+ ";configuration-policyrules-policymappings");
theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
+ ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
String[] params = new String[theparams.size()];
@@ -325,7 +322,6 @@ public class PolicyMappingsExt extends APolicyRule
}
}
-
class PolicyMap {
protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
@@ -340,47 +336,48 @@ class PolicyMap {
/**
* forms policy map parameters.
+ *
* @param name name of this policy map, for example policyMap0
* @param config parent's config from where we find this configuration.
* @param enabled whether policy was enabled.
*/
- protected PolicyMap(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected PolicyMap(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
mName = name;
mConfig = config.getSubStore(mName);
mNameDot = mName + ".";
- if( mConfig == null ) {
- CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig is null!" );
+ if (mConfig == null) {
+ CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!");
return;
}
// if there's no configuration for this map put it there.
if (mConfig.size() == 0) {
- config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
- config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
+ config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
+ config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
mConfig = config.getSubStore(mName);
if (mConfig == null || mConfig.size() == 0) {
- CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig " +
- "is null or empty!" );
+ CMS.debug("PolicyMappingsExt::PolicyMap - mConfig " +
+ "is null or empty!");
return;
}
}
// get policy ids from configuration.
- mIssuerDomainPolicy =
+ mIssuerDomainPolicy =
mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null);
- mSubjectDomainPolicy =
+ mSubjectDomainPolicy =
mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null);
// adjust for "" and console returning "null"
- if (mIssuerDomainPolicy != null &&
- (mIssuerDomainPolicy.length() == 0 ||
+ if (mIssuerDomainPolicy != null &&
+ (mIssuerDomainPolicy.length() == 0 ||
mIssuerDomainPolicy.equals("null"))) {
mIssuerDomainPolicy = null;
}
- if (mSubjectDomainPolicy != null &&
- (mSubjectDomainPolicy.length() == 0 ||
+ if (mSubjectDomainPolicy != null &&
+ (mSubjectDomainPolicy.length() == 0 ||
mSubjectDomainPolicy.equals("null"))) {
mSubjectDomainPolicy = null;
}
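Review bot: The constructor returns silently, with only a `CMS.debug` line, when `mConfig` is null or still empty, even if `enabled` is true, which leaves `mCertificatePolicyMap` unset. `PolicyMappingsExt.init` adds `mPolicyMaps[j].mCertificatePolicyMap` to the vector passed to `new PolicyMappingsExtension(...)`, so as far as the visible code shows, a misconfigured map would surface later as a null entry rather than as a configuration error at startup. Failing closed is safer for a rule that shapes CA certificates: when `enabled`, throw `EBaseException` with `CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", ...)` as the checks below do, instead of returning. The constructor continues past the end of this hunk.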
@@ -388,26 +385,26 @@ class PolicyMap {
// policy ids cannot be null if policy is enabled.
String msg = "value cannot be null.";
- if (mIssuerDomainPolicy == null && enabled)
+ if (mIssuerDomainPolicy == null && enabled)
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg));
- if (mSubjectDomainPolicy == null && enabled)
+ if (mSubjectDomainPolicy == null && enabled)
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg));
- // if a policy id is not null check that it is a valid OID.
+ // if a policy id is not null check that it is a valid OID.
ObjectIdentifier issuerPolicyId = null;
ObjectIdentifier subjectPolicyId = null;
- if (mIssuerDomainPolicy != null)
+ if (mIssuerDomainPolicy != null)
issuerPolicyId = CMS.checkOID(
mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy);
- if (mSubjectDomainPolicy != null)
+ if (mSubjectDomainPolicy != null)
subjectPolicyId = CMS.checkOID(
mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
-
- // if enabled, form CertificatePolicyMap to be encoded in extension.
- // policy ids should be all set.
+
+ // if enabled, form CertificatePolicyMap to be encoded in extension.
+ // policy ids should be all set.
if (enabled) {
mCertificatePolicyMap = new CertificatePolicyMap(
new CertificatePolicyId(issuerPolicyId),
@@ -417,12 +414,11 @@ class PolicyMap {
protected void getInstanceParams(Vector<String> instanceParams) {
instanceParams.addElement(
- mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
- mIssuerDomainPolicy));
+ mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
+ mIssuerDomainPolicy));
instanceParams.addElement(
- mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
- mSubjectDomainPolicy));
+ mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
+ mSubjectDomainPolicy));
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
index 125555c4..e13a7a84 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.util.Locale;
import java.util.Vector;
@@ -32,11 +31,12 @@ import com.netscape.cms.policy.APolicyRule;
/**
* Checks extension presence.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -77,7 +77,7 @@ public class PresenceExt extends APolicyRule {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
@@ -102,14 +102,14 @@ public class PresenceExt extends APolicyRule {
mTelephoneNumber, mRFC822Name, mID,
mHostName, mPortNumber, mMaxUsers, mServiceLevel);
*/
-
+
return res;
}
- public Vector<String> getInstanceParams() {
- Vector<String> params = new Vector<String>();
+ public Vector<String> getInstanceParams() {
+ Vector<String> params = new Vector<String>();
- params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
+ params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
params.addElement(PROP_OID + "=" + mOID);
params.addElement(PROP_VERSION + "=" + mVersion);
params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress);
@@ -137,21 +137,21 @@ public class PresenceExt extends APolicyRule {
PROP_MAX_USERS + ";string; max users",
PROP_SERVICE_LEVEL + ";string; service level",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-presenceext",
+ ";configuration-policyrules-presenceext",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds Presence Server Extension;"
+ ";Adds Presence Server Extension;"
- };
+ };
return params;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
index 8b3ab40c..60c0dfbc 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.text.SimpleDateFormat;
@@ -42,20 +41,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* PrivateKeyUsagePeriod Identifier Extension policy.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class PrivateKeyUsagePeriodExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
private final static String PROP_NOT_BEFORE = "notBefore";
private final static String PROP_NOT_AFTER = "notAfter";
@@ -94,16 +93,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
- "recommends against the use of this extension. CAs " +
- "conforming to the profile MUST NOT generate certs with " +
- "critical private key usage period extensions.",
+ "recommends against the use of this extension. CAs " +
+ "conforming to the profile MUST NOT generate certs with " +
+ "critical private key usage period extensions.",
PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-privatekeyusageperiod",
+ ";configuration-policyrules-privatekeyusageperiod",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds (deprecated) Private Key Usage Period Extension. " +
- "Defined in RFC 2459 (4.2.1.4)"
+ ";Adds (deprecated) Private Key Usage Period Extension. " +
+ "Defined in RFC 2459 (4.2.1.4)"
};
return params;
@@ -119,17 +118,17 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Initializes this policy rule.
- * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.notBefore=30
- * ra.Policy.rule.<ruleName>.notAfter=180
- * ra.Policy.rule.<ruleName>.critical=false
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.notBefore=30
+ * ra.Policy.rule.<ruleName>.notAfter=180
+ * ra.Policy.rule.<ruleName>.critical=false
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
try {
// Get params.
@@ -145,7 +144,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
notAfter = formatter.format(formatter.parse(mNotAfter.trim()));
} catch (Exception e) {
// e.printStackTrace();
- Object[] params = {getInstanceName(), e};
+ Object[] params = { getInstanceName(), e };
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
@@ -154,20 +153,20 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
}
/**
- * Adds a private key usage extension if none exists.
- *
- * @param req The request on which to apply policy.
+ * Adds a private key usage extension if none exists.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -201,7 +200,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(PrivateKeyUsageExtension.class.getSimpleName());
-
+
} catch (IOException e) {
}
@@ -209,16 +208,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
try {
ext = new PrivateKeyUsageExtension(
- formatter.parse(mNotBefore),
+ formatter.parse(mNotBefore),
formatter.parse(mNotAfter));
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions.set(PrivateKeyUsageExtension.class.getSimpleName(), ext);
} catch (Exception e) {
- if (e instanceof RuntimeException)
+ if (e instanceof RuntimeException)
throw (RuntimeException) e;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
return PolicyResult.REJECTED;
}
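Review bot: `formatter.parse(mNotBefore)` and `formatter.parse(mNotAfter)` parse the raw configured strings, while the `init` hunk validates `mNotAfter.trim()`. Unless `init` stores the trimmed value back (not visible here), a value with surrounding whitespace passes initialization and then rejects every request at this point. Parsing the same form in both places avoids that: `formatter.parse(mNotBefore.trim()), formatter.parse(mNotAfter.trim())`. The failure path also reports `CMS_POLICY_SUBJECT_KEY_ID_ERROR`, which judging by its name belongs to the Subject Key Identifier rule, while the log line uses `POLICY_ERROR_CREATE_PRIVATE_KEY_EXT`; a message key specific to this extension would be less misleading to the requester.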
@@ -227,11 +226,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return Empty Vector since this policy has no configuration parameters.
- * for this policy instance.
+ * for this policy instance.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
@@ -242,11 +241,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
- * @return Empty Vector since this policy implementation has no
- * configuration parameters.
+ *
+ * @return Empty Vector since this policy implementation has no
+ * configuration parameters.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
@@ -255,4 +254,3 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
index 396afc97..29285f0b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -37,55 +36,55 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Remove Basic Constraints policy.
* Adds the Basic constraints extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class RemoveBasicConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
public RemoveBasicConstraintsExt() {
NAME = "RemoveBasicConstraintsExt";
DESC = "Remove Basic Constraints extension";
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
}
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, certInfo);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
}
public PolicyResult applyCert(
- IRequest req, X509CertInfo certInfo) {
+ IRequest req, X509CertInfo certInfo) {
// get basic constraints extension from cert info if any.
CertificateExtensions extensions = null;
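Review bot: The loop in `apply` calls `applyCert(req, certInfo)` on every iteration, and `certInfo` is fixed to `ci[0]` by the guard above it, so only the first certificate info is processed and any further entries keep their Basic Constraints extension. It should pass the current element, `PolicyResult certResult = applyCert(req, ci[i]);`, with a null check on `ci[i]` if entries can be null. The class Javadoc also still says "Adds the Basic constraints extension" for a rule that removes it. The body of `applyCert` continues outside the hunk.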
@@ -110,10 +109,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
return params;
@@ -121,10 +120,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
Vector<String> defParams = new Vector<String>();
return defParams;
@@ -133,13 +132,12 @@ public class RemoveBasicConstraintsExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-removebasicconstraints",
+ ";configuration-policyrules-removebasicconstraints",
IExtendedPluginInfo.HELP_TEXT +
- ";Removes the Basic Constraints extension."
+ ";Removes the Basic Constraints extension."
};
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
index aab88ff3..0b8fb305 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -42,43 +41,36 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
*
- * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2.
- * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.
+ * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2.
+ * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.
* <p>
*
* Subject Alternative Name extension policy in CMS 4.1.
- *
- * Adds the subject alternative name extension depending on the
- * certificate type requested.
- *
- * Two forms are supported. 1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component. Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified. Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ *
+ * Adds the subject alternative name extension depending on the certificate type requested.
+ *
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative forms may be certified. Only the primary goes in the subjectName position (which should be phased out).
+ *
+ * e mailAlternateAddress
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class SubjAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
// for future use. currently always allow.
protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
protected static final String PROP_EE_OVERR = "AllowEEOverride";
protected static final String PROP_ENABLE_MANUAL_VALUES =
- "enableManualValues";
+ "enableManualValues";
// for future use. currently always non-critical
// (standard says SHOULD be marked critical if included.)
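Review bot: The reflow of this class comment fuses lines that were meant to stand alone: the attribute names `e` and `mailAlternateAddress` now read as the single line `e mailAlternateAddress`. The same pass joins the per-line configuration entries in the `init` comments of this file, of SubjectAltNameExt.java and of SubjectKeyIdentifierExt.java. The `<PRE>` block in this same comment was left intact, so putting such lists in a `<pre>` block should keep them one per line, for example ` * <pre>`, ` * ra.Policy.rule.&lt;ruleName&gt;.enable=true`, ` * </pre>`, with `<ruleName>` escaped for Javadoc. Those `init` comments also document only `config`; an `@param owner` line is missing.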
@@ -103,15 +95,15 @@ public class SubjAltNameExt extends APolicyRule
String[] params = {
PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjaltname",
+ ";configuration-policyrules-subjaltname",
IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Subject Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
- "* Note: you probably want to use this policy in " +
- "conjunction with an authentication manager which sets " +
- "the 'mail' or 'mailalternateaddress' values in the authToken. " +
- "See the 'ldapStringAttrs' parameter in the Directory-based " +
- "authentication plugin"
+ ";This policy inserts the Subject Alternative Name " +
+ "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+ "* Note: you probably want to use this policy in " +
+ "conjunction with an authentication manager which sets " +
+ "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+ "See the 'ldapStringAttrs' parameter in the Directory-based " +
+ "authentication plugin"
};
return params;
@@ -121,16 +113,15 @@ public class SubjAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// future use.
mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
@@ -140,21 +131,21 @@ public class SubjAltNameExt extends APolicyRule
/**
* Adds the subject alternative names extension if not set already.
- *
+ *
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// Find the X509CertInfo object in the request
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -174,12 +165,11 @@ public class SubjAltNameExt extends APolicyRule
//
// General error handling block
//
- apply:
- try {
+ apply: try {
// Find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
//
@@ -199,11 +189,11 @@ public class SubjAltNameExt extends APolicyRule
// non-client certs, and implement client certs directly here.
//
String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
if (certType == null ||
- !certType.equals(IRequest.CLIENT_CERT) ||
- !req.getExtDataInBoolean(IRequest.SMIME, false)) {
+ !certType.equals(IRequest.CLIENT_CERT) ||
+ !req.getExtDataInBoolean(IRequest.SMIME, false)) {
break apply;
}
@@ -212,30 +202,32 @@ public class SubjAltNameExt extends APolicyRule
IAuthToken tok = findAuthToken(req, null);
- if (tok == null) break apply;
+ if (tok == null)
+ break apply;
Vector<String> emails = getEmailList(tok);
- if (emails == null) break apply;
+ if (emails == null)
+ break apply;
- // Create the extension
+ // Create the extension
SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails);
if (extensions == null)
extensions = createCertificateExtensions(certInfo);
extensions.set(SubjectAlternativeNameExtension.class.getSimpleName(),
- subjAltNameExt);
+ subjAltNameExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
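Review bot: The IOException branch passes `e.getMessage()` into `setError(...)`, while the CertificateException branch beside it stores the fixed text "Certificate Info Error"; the catch blocks of SubjectAltNameExt.apply later in this diff have the same split. If the error stored on the request is shown to the requester (not visible here), raw exception text can disclose internal detail. I would keep the detail in the `log(...)` call only and store a fixed string, as SubjectDirectoryAttributesExt already does: `NAME, "IOException Error");`. The enclosing apply method starts and ends outside this hunk.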
@@ -247,7 +239,7 @@ public class SubjAltNameExt extends APolicyRule
* If the token is not present return null
*/
protected IAuthToken
- findAuthToken(IRequest req, String authMgrName) {
+ findAuthToken(IRequest req, String authMgrName) {
return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
}
@@ -257,14 +249,15 @@ public class SubjAltNameExt extends APolicyRule
* found in this Authentication token
*/
protected Vector /* of String */<String>
- getEmailList(IAuthToken tok) {
+ getEmailList(IAuthToken tok) {
Vector<String> v = new Vector<String>();
addValues(tok, "mail", v);
addValues(tok, "mailalternateaddress", v);
- if (v.size() == 0) return null;
+ if (v.size() == 0)
+ return null;
return v;
}
@@ -273,10 +266,11 @@ public class SubjAltNameExt extends APolicyRule
* Add attribute values from an LDAP attribute to a vector
*/
protected void
- addValues(IAuthToken tok, String attrName, Vector<String> v) {
+ addValues(IAuthToken tok, String attrName, Vector<String> v) {
String attr[] = tok.getInStringArray(attrName);
- if (attr == null) return;
+ if (attr == null)
+ return;
for (int i = 0; i < attr.length; i++) {
v.addElement(attr[i]);
@@ -287,8 +281,8 @@ public class SubjAltNameExt extends APolicyRule
* Make a Subject name extension given a list of email addresses
*/
protected SubjectAlternativeNameExtension
- mkExt(Vector<String> emails)
- throws IOException {
+ mkExt(Vector<String> emails)
+ throws IOException {
SubjectAlternativeNameExtension sa;
GeneralNames gns = new GeneralNames();
@@ -306,17 +300,17 @@ public class SubjAltNameExt extends APolicyRule
/**
* Create a new SET of extensions in the certificate info
* object.
- *
+ *
* This should be a method in the X509CertInfo object
*/
- protected CertificateExtensions
- createCertificateExtensions(X509CertInfo certInfo)
- throws IOException, CertificateException {
+ protected CertificateExtensions
+ createCertificateExtensions(X509CertInfo certInfo)
+ throws IOException, CertificateException {
CertificateExtensions extensions;
// Force version to V3
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -326,10 +320,10 @@ public class SubjAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
Vector<String> params = new Vector<String>();
//params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
@@ -342,11 +336,11 @@ public class SubjAltNameExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
- Vector<String> defParams = new Vector<String> ();
+ public Vector<String> getDefaultParams() {
+ Vector<String> defParams = new Vector<String>();
//defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
//defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
@@ -356,4 +350,3 @@ public class SubjAltNameExt extends APolicyRule
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
index b9bc6059..0268da41 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -45,32 +44,32 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Subject Alternative Name extension policy.
- *
+ *
* Adds the subject alternative name extension as configured.
- *
- * Two forms are supported. 1) For S/MIME certificates, email
+ *
+ * Two forms are supported. 1) For S/MIME certificates, email
* addresses are copied from data stored in the request by the
- * authentication component. Both 'e' and 'altEmail' are supported
+ * authentication component. Both 'e' and 'altEmail' are supported
* so that both the primary address and alternative forms may be
- * certified. Only the primary goes in the subjectName position (which
+ * certified. Only the primary goes in the subjectName position (which
* should be phased out).
- *
+ *
* e
* mailAlternateAddress
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class SubjectAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
// (standard says SHOULD be marked critical if included.)
protected static final String PROP_CRITICAL = "critical";
protected static final boolean DEF_CRITICAL = false;
@@ -89,11 +88,11 @@ public class SubjectAltNameExt extends APolicyRule
// default params.
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
mDefParams.addElement(
- IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
- IGeneralNameUtil.DEF_NUM_GENERALNAMES);
+ IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
+ IGeneralNameUtil.DEF_NUM_GENERALNAMES);
for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
CMS.getSubjAltNameConfigDefaultParams(
- IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
+ IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
}
}
@@ -107,16 +106,15 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// get criticality
@@ -127,11 +125,11 @@ public class SubjectAltNameExt extends APolicyRule
IPolicyProcessor.PROP_ENABLE, false);
// get general names configuration.
- mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
+ mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
if (mNumGNs <= 0) {
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
- IGeneralNameUtil.PROP_NUM_GENERALNAMES));
+ CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
+ IGeneralNameUtil.PROP_NUM_GENERALNAMES));
}
mGNs = new ISubjAltNameConfig[mNumGNs];
for (int i = 0; i < mNumGNs; i++) {
@@ -144,7 +142,7 @@ public class SubjectAltNameExt extends APolicyRule
// init instance params.
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(
- IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
+ IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
for (int j = 0; j < mGNs.length; j++) {
mGNs[j].getInstanceParams(mInstanceParams);
}
@@ -152,21 +150,21 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Adds the subject alternative names extension if not set already.
- *
+ *
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// Find the X509CertInfo object in the request
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -186,7 +184,7 @@ public class SubjectAltNameExt extends APolicyRule
try {
// Find the extensions in the certInfo
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
// Remove any previously computed version of the extension
// unless it is from RA. If from RA, accept what RA put in
@@ -194,7 +192,7 @@ public class SubjectAltNameExt extends APolicyRule
if (extensions != null) {
String sourceId = req.getSourceId();
- if (sourceId != null && sourceId.length() > 0)
+ if (sourceId != null && sourceId.length() > 0)
return res; // accepted
try {
extensions.delete(SubjectAlternativeNameExtension.class.getSimpleName());
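Review bot: The early `return res; // accepted` runs for any request with a non-empty source id as soon as `extensions` is non-null, so this policy neither removes nor rebuilds the subjectAltName and the names that arrived with the request are kept as submitted. That is only sound if the source id can be set solely for requests from an authenticated RA, which this hunk does not show. I would record the assumption at the check so it is reviewed whenever request intake changes: `// Trust boundary: a non-empty sourceId is taken to mean an authenticated RA; its subjectAltName is kept unchecked.` The enclosing apply method continues outside the hunk.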
@@ -223,8 +221,8 @@ public class SubjectAltNameExt extends APolicyRule
}
// nothing was found in request to put into extension
- if (gns.size() == 0)
- return res; // accepted
+ if (gns.size() == 0)
+ return res; // accepted
String subject = certInfo.get(X509CertInfo.SUBJECT).toString();
@@ -233,10 +231,9 @@ public class SubjectAltNameExt extends APolicyRule
if (subject.equals("")) {
curCritical = true;
}
-
+
// make the extension
- SubjectAlternativeNameExtension
- sa = new SubjectAlternativeNameExtension(curCritical, gns);
+ SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(curCritical, gns);
// add it to certInfo.
if (extensions == null)
@@ -248,19 +245,19 @@ public class SubjectAltNameExt extends APolicyRule
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Internal Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Internal Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -268,17 +265,17 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Create a new SET of extensions in the certificate info
* object.
- *
+ *
* This should be a method in the X509CertInfo object
*/
- protected CertificateExtensions
- createCertificateExtensions(X509CertInfo certInfo)
- throws IOException, CertificateException {
+ protected CertificateExtensions
+ createCertificateExtensions(X509CertInfo certInfo)
+ throws IOException, CertificateException {
CertificateExtensions extensions;
// Force version to V3
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -288,19 +285,19 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefParams;
}
@@ -313,22 +310,21 @@ public class SubjectAltNameExt extends APolicyRule
info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO);
for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
CMS.getSubjAltNameConfigExtendedPluginInfo(
- IGeneralNameUtil.PROP_GENERALNAME + i, info);
+ IGeneralNameUtil.PROP_GENERALNAME + i, info);
}
info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjaltname");
+ ";configuration-policyrules-subjaltname");
info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Subject Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
- "* Note: you probably want to use this policy in " +
- "conjunction with an authentication manager which sets " +
- "the 'mail' or 'mailalternateaddress' values in the authToken. " +
- "See the 'ldapStringAttrs' parameter in the Directory-based " +
- "authentication plugin");
+ ";This policy inserts the Subject Alternative Name " +
+ "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+ "* Note: you probably want to use this policy in " +
+ "conjunction with an authentication manager which sets " +
+ "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+ "See the 'ldapStringAttrs' parameter in the Directory-based " +
+ "authentication plugin");
mExtendedPluginInfo = new String[info.size()];
info.copyInto(mExtendedPluginInfo);
return mExtendedPluginInfo;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
index 34821fab..69e6f8e5 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -45,20 +44,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Policy to add the subject directory attributes extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubjectDirectoryAttributesExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubjectDirectoryAttributesExt extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_ATTRIBUTE = "attribute";
protected static final String PROP_NUM_ATTRIBUTES = "numAttributes";
@@ -75,7 +74,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
protected SubjectDirAttributesExtension mExt = null;
protected Vector<String> mParams = new Vector<String>();
- private String[] mEPI = null; // extended plugin info
+ private String[] mEPI = null; // extended plugin info
protected static Vector<String> mDefParams = new Vector<String>();
static {
@@ -85,16 +84,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
public SubjectDirectoryAttributesExt() {
NAME = "SubjectDirectoryAttributesExtPolicy";
DESC = "Sets Subject Directory Attributes Extension in certificates.";
- setExtendedPluginInfo();
+ setExtendedPluginInfo();
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
boolean enabled = config.getBoolean("enabled", false);
mConfig = config;
- mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
+ mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES);
if (mNumAttributes < 1) {
EBaseException ex = new EBaseException(
@@ -110,14 +109,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
mAttributes[i] = new AttributeConfig(name, c, enabled);
}
- if (enabled) {
+ if (enabled) {
try {
mExt = formExt(null);
} catch (IOException e) {
log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage());
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
"Error forming Subject Directory Attributes Extension. " +
- "See log file for details."));
+ "See log file for details."));
}
}
setInstanceParams();
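Review bot: `init` reads the flag with the literal key `"enabled"`, whereas SubjectAltNameExt.init in this same diff reads `IPolicyProcessor.PROP_ENABLE` and the rule comments document the entry as `...enable=true`. If the constant's value is `enable` (its definition is not shown here), `enabled` is always false in this class, so `mExt` is never pre-built and every AttributeConfig is constructed through its disabled branch. Using the shared constant removes the doubt: `boolean enabled = config.getBoolean(IPolicyProcessor.PROP_ENABLE, false);` (the file may need the import).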
@@ -126,7 +125,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -136,7 +135,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
for (int i = 0; i < ci.length; i++) {
PolicyResult r = applyCert(req, ci[i]);
- if (r == PolicyResult.REJECTED)
+ if (r == PolicyResult.REJECTED)
return r;
}
return PolicyResult.ACCEPTED;
@@ -153,7 +152,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
@@ -173,7 +172,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
} else {
SubjectDirAttributesExtension ext = formExt(req);
- if (ext != null)
+ if (ext != null)
extensions.set(SubjectDirAttributesExtension.class.getSimpleName(), formExt(req));
}
return PolicyResult.ACCEPTED;
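Review bot: `formExt(req)` is called twice here: once to null-check `ext`, and again inside `extensions.set(...)`, so the value that was checked is not the value that is stored. The second call repeats the work and, should it ever return null, would store a null extension despite the guard. Pass the checked value instead: `extensions.set(SubjectDirAttributesExtension.class.getSimpleName(), ext);`. The enclosing method starts outside this hunk.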
@@ -181,17 +180,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "IOException Error");
+ NAME, "IOException Error");
return PolicyResult.REJECTED;
- }
+ }
}
-
public Vector<String> getInstanceParams() {
return mParams; // inited in init()
}
@@ -201,12 +199,12 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
}
public String[] getExtendedPluginInfo(Locale locale) {
- return mEPI; // inited in the constructor.
+ return mEPI; // inited in the constructor.
}
private void setInstanceParams() {
- mParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
+ mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+ mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
for (int i = 0; i < mNumAttributes; i++) {
mAttributes[i].getInstanceParams(mParams);
}
@@ -217,8 +215,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
}
private static void setDefaultParams() {
- mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
+ mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
+ mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) {
AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams);
}
@@ -228,32 +226,31 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
Vector<String> v = new Vector<String>();
v.addElement(PROP_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST be non-critical.");
+ "RFC 2459 recommendation: MUST be non-critical.");
v.addElement(PROP_NUM_ATTRIBUTES + ";number;" +
- "Number of Attributes in the extension.");
+ "Number of Attributes in the extension.");
for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) {
AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v);
}
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjectdirectoryattributes");
+ ";configuration-policyrules-subjectdirectoryattributes");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
+ ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
- private SubjectDirAttributesExtension formExt(IRequest req)
- throws IOException {
+ private SubjectDirAttributesExtension formExt(IRequest req)
+ throws IOException {
Vector<Attribute> attrs = new Vector<Attribute>();
// if we're called from init and one attribute is from request attribute
// the ext can't be formed yet.
if (req == null) {
for (int i = 0; i < mNumAttributes; i++) {
- if (mAttributes[i].mWhereToGetValue ==
- AttributeConfig.USE_REQUEST_ATTR)
+ if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR)
return null;
}
}
@@ -265,24 +262,23 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
// skip attribute if request attribute doesn't exist.
Attribute a = mAttributes[i].formAttr(req);
- if (a == null)
+ if (a == null)
continue;
attrs.addElement(a);
}
}
- if (attrs.size() == 0)
+ if (attrs.size() == 0)
return null;
Attribute[] attrList = new Attribute[attrs.size()];
attrs.copyInto(attrList);
- SubjectDirAttributesExtension ext =
- new SubjectDirAttributesExtension(attrList);
+ SubjectDirAttributesExtension ext =
+ new SubjectDirAttributesExtension(attrList);
return ext;
}
}
-
class AttributeConfig {
protected static final String PROP_ATTRIBUTE_NAME = "attributeName";
@@ -305,21 +301,21 @@ class AttributeConfig {
protected Attribute mAttribute = null;
protected static final String ATTRIBUTE_NAME_INFO = "Attribute name.";
- protected static final String WTG_VALUE_INFO =
- PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
- "Get value from a request attribute or use a fixed value specified below.";
- protected static final String VALUE_INFO =
- PROP_VALUE + ";string;" +
- "Request attribute name or a fixed value to put into the extension.";
-
- public AttributeConfig(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected static final String WTG_VALUE_INFO =
+ PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
+ "Get value from a request attribute or use a fixed value specified below.";
+ protected static final String VALUE_INFO =
+ PROP_VALUE + ";string;" +
+ "Request attribute name or a fixed value to put into the extension.";
+
+ public AttributeConfig(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
X500NameAttrMap map = X500NameAttrMap.getDefault();
mName = name;
mConfig = config;
if (enabled) {
- mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
+ mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE);
mValue = mConfig.getString(PROP_VALUE);
} else {
@@ -330,7 +326,7 @@ class AttributeConfig {
if (mAttributeName.length() > 0) {
mAttributeOID = map.getOid(mAttributeName);
- if (mAttributeOID == null)
+ if (mAttributeOID == null)
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
}
@@ -345,8 +341,8 @@ class AttributeConfig {
if (dot != -1) {
mPrefix = mValue.substring(0, dot);
mReqAttr = mValue.substring(dot + 1);
- if (mPrefix == null || mPrefix.length() == 0 ||
- mReqAttr == null || mReqAttr.length() == 0) {
+ if (mPrefix == null || mPrefix.length() == 0 ||
+ mReqAttr == null || mReqAttr.length() == 0) {
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue));
}
@@ -357,17 +353,17 @@ class AttributeConfig {
} else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) {
mWhereToGetValue = USE_FIXED;
if (mAttributeOID != null) {
- try {
- checkValue(mAttributeOID, mValue);
- mAttribute = new Attribute(mAttributeOID, mValue);
+ try {
+ checkValue(mAttributeOID, mValue);
+ mAttribute = new Attribute(mAttributeOID, mValue);
} catch (Exception e) {
throw new EBaseException(
CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mAttributeName, e.getMessage()));
+ mAttributeName, e.getMessage()));
}
}
} else if (enabled || mWhereToGetValue.length() > 0) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
"Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'."));
}
}
@@ -385,7 +381,7 @@ class AttributeConfig {
String attrChoices = getAllNames();
v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" +
- ATTRIBUTE_NAME_INFO);
+ ATTRIBUTE_NAME_INFO);
v.addElement(nameDot + WTG_VALUE_INFO);
v.addElement(nameDot + VALUE_INFO);
}
@@ -398,21 +394,21 @@ class AttributeConfig {
v.addElement(nameDot + PROP_VALUE + "=" + mValue);
}
- public Attribute formAttr(IRequest req)
- throws IOException {
+ public Attribute formAttr(IRequest req)
+ throws IOException {
String val = req.getExtDataInString(mPrefix, mReqAttr);
if (val == null || val.length() == 0) {
return null;
}
- checkValue(mAttributeOID, val);
+ checkValue(mAttributeOID, val);
return new Attribute(mAttributeOID, val);
}
static private String getAllNames() {
Enumeration<String> n = X500NameAttrMap.getDefault().getAllNames();
StringBuffer sb = new StringBuffer();
- sb.append( n.nextElement());
+ sb.append(n.nextElement());
while (n.hasMoreElements()) {
sb.append(",");
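Review bot: `getAllNames` calls `n.nextElement()` before any `hasMoreElements()` test, so an empty attribute map would raise NoSuchElementException while the extended plugin info is assembled. A guard keeps it safe: `if (n.hasMoreElements()) sb.append(n.nextElement());`. The local `StringBuffer` could also become a `StringBuilder`, since nothing in the hunk shares it across threads. The loop body continues outside this hunk.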
@@ -421,8 +417,8 @@ class AttributeConfig {
return sb.toString();
}
- private static void checkValue(ObjectIdentifier oid, String val)
- throws IOException {
+ private static void checkValue(ObjectIdentifier oid, String val)
+ throws IOException {
AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
DerValue derval;
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
index 717a6482..bcf6544f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -46,21 +45,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Subject Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
+ * Adds the subject public key id extension to certificates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
public class SubjectKeyIdentifierExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_KEYID_TYPE = "keyIdentifierType";
protected static final String PROP_REQATTR_NAME = "requestAttrName";
@@ -102,17 +101,15 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mEnabled = mConfig.getBoolean(
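Review bot: The reflowed Javadoc for `init` now puts the three sample configuration entries on one line (`ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ...`), which reads as a single property. Wrapping the sample in `<PRE>`…`</PRE>`, as the class comment already does for its NOTE, keeps one entry per line and stops a formatter from joining them again. `<ruleName>` should be written `&lt;ruleName&gt;` so Javadoc does not treat it as a tag. The `owner` parameter has no `@param` line. The body of `init` continues outside this hunk.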
@@ -126,26 +123,26 @@ public class SubjectKeyIdentifierExt extends APolicyRule
*/
// parse key id type
- if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
+ if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
mKeyIdType = KEYID_TYPE_SHA1;
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
+ else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
mKeyIdType = KEYID_TYPE_TYPEFIELD;
- /*
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
- mKeyIdType = KEYID_TYPE_REQATTR;
- */
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
+ /*
+ else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
+ mKeyIdType = KEYID_TYPE_REQATTR;
+ */
+ else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
mKeyIdType = KEYID_TYPE_SPKISHA1;
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_KEYID_TYPE,
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_KEYID_TYPE,
"value must be one of " +
- KEYID_TYPE_SHA1 + ", " +
- KEYID_TYPE_TYPEFIELD + ", " +
- KEYID_TYPE_SPKISHA1));
+ KEYID_TYPE_SHA1 + ", " +
+ KEYID_TYPE_TYPEFIELD + ", " +
+ KEYID_TYPE_SPKISHA1));
}
// form instance params
@@ -160,18 +157,18 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Adds Subject Key identifier Extension to a certificate.
* If the extension is already there, accept it.
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci =
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -189,7 +186,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule
// if subject key id extension already exists, leave it if approved.
SubjectKeyIdentifierExtension subjectKeyIdExt = null;
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
@@ -202,14 +199,14 @@ public class SubjectKeyIdentifierExt extends APolicyRule
if (subjectKeyIdExt != null) {
if (agentApproved(req)) {
CMS.debug(
- "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
- " already has subject key id extension with value " +
- subjectKeyIdExt);
+ "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
+ " already has subject key id extension with value " +
+ subjectKeyIdExt);
return PolicyResult.ACCEPTED;
} else {
CMS.debug(
- "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
- " had subject key identifier - deleted to be replaced");
+ "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
+ " had subject key identifier - deleted to be replaced");
extensions.delete(SubjectKeyIdentifierExtension.class.getSimpleName());
}
}
@@ -217,38 +214,38 @@ public class SubjectKeyIdentifierExt extends APolicyRule
// create subject key id extension.
KeyIdentifier keyId = null;
- try {
- keyId = formKeyIdentifier(certInfo, req);
+ try {
+ keyId = formKeyIdentifier(certInfo, req);
} catch (EBaseException e) {
setPolicyException(req, e);
return PolicyResult.REJECTED;
}
- subjectKeyIdExt =
+ subjectKeyIdExt =
new SubjectKeyIdentifierExtension(
- mCritical, keyId.getIdentifier());
+ mCritical, keyId.getIdentifier());
// add subject key id extension.
if (extensions == null) {
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
extensions.set(
- SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
+ SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
CMS.debug(
- "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
+ "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
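Review bot: In the `IOException` handler the log call passes `"POLICY_UNEXPECTED_POLICY_ERROR,NAME"` as the message key, so `NAME` is part of the string literal rather than an argument. The lookup will probably miss the intended message, and the policy name is never logged. The call was presumably meant to be `CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())`, matching the `setError` call just below it; confirm against the log message bundle. The enclosing `apply` method starts outside this hunk.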
@@ -256,12 +253,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Form the Key Identifier in the Subject Key Identifier extension.
* <p>
+ *
* @param certInfo Certificate Info
* @param req request
* @return A Key Identifier.
*/
protected KeyIdentifier formKeyIdentifier(
- X509CertInfo certInfo, IRequest req) throws EBaseException {
+ X509CertInfo certInfo, IRequest req) throws EBaseException {
KeyIdentifier keyId = null;
if (mKeyIdType == KEYID_TYPE_SHA1) {
@@ -269,10 +267,10 @@ public class SubjectKeyIdentifierExt extends APolicyRule
} else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) {
keyId = formTypeFieldKeyId(certInfo);
} /*
- else if (mKeyIdType == KEYID_TYPE_REQATTR) {
- keyId = formReqAttrKeyId(certInfo, req);
- }
- */ else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
+ else if (mKeyIdType == KEYID_TYPE_REQATTR) {
+ keyId = formReqAttrKeyId(certInfo, req);
+ }
+ */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
keyId = formSpkiSHA1KeyId(certInfo);
} else {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
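Review bot: The branches here test `mKeyIdType == KEYID_TYPE_TYPEFIELD` and `mKeyIdType == KEYID_TYPE_SPKISHA1`, which compare String references. This only works because `init` reassigns `mKeyIdType` to the constant itself; a value set by any other path falls through to the final `else` and the request is rejected. `KEYID_TYPE_TYPEFIELD.equals(mKeyIdType)`, and likewise for the other branches, removes that dependency. The reformatted `*/else if` also hides a live branch behind the end of a comment, so deleting the commented-out REQATTR block or putting `else if` on its own line would read better. The method starts in the previous hunk and its closing lines are outside this one.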
@@ -282,22 +280,23 @@ public class SubjectKeyIdentifierExt extends APolicyRule
}
/**
- * Form key identifier from a type field value of 0100 followed by
- * the least significate 60 bits of the sha-1 hash of the subject
- * public key BIT STRING in accordance with RFC 2459.
+ * Form key identifier from a type field value of 0100 followed by
+ * the least significate 60 bits of the sha-1 hash of the subject
+ * public key BIT STRING in accordance with RFC 2459.
* <p>
+ *
* @param certInfo - certificate info
* @return A Key Identifier with value formulatd as described.
*/
protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
X509Key key = null;
try {
CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
if (certKey == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
@@ -309,13 +308,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
@@ -330,8 +329,8 @@ public class SubjectKeyIdentifierExt extends APolicyRule
octetString[0] &= (0x08f & octetString[0]);
keyId = new KeyIdentifier(octetString);
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
throw new EPolicyException(
CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
@@ -340,40 +339,39 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getInstanceParams() {
+ public Vector<String> getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector<String> getDefaultParams() {
+ public Vector<String> getDefaultParams() {
return mDefaultParams;
}
/**
- * Gets extended plugin info for pretty Console displays.
+ * Gets extended plugin info for pretty Console displays.
*/
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
PROP_KEYID_TYPE + ";" +
- "choice(" + KEYID_TYPE_SHA1 + "," +
- KEYID_TYPE_TYPEFIELD + "," +
- KEYID_TYPE_SPKISHA1 + ");" +
- "Method to derive the Key Identifier.",
+ "choice(" + KEYID_TYPE_SHA1 + "," +
+ KEYID_TYPE_TYPEFIELD + "," +
+ KEYID_TYPE_SPKISHA1 + ");" +
+ "Method to derive the Key Identifier.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjectkeyidentifier",
+ ";configuration-policyrules-subjectkeyidentifier",
IExtendedPluginInfo.HELP_TEXT +
- ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
+ ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
};
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index 68c706f5..2f95f91b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
-
/**
* This class implements a basic profile.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class BasicProfile implements IProfile {
@@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile {
public static final String PROP_NAME = "name";
public static final String PROP_DESC = "desc";
public static final String PROP_NO_DEFAULT = "noDefaultImpl";
- public static final String PROP_NO_CONSTRAINT= "noConstraintImpl";
- public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl";
+ public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
+ public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
protected IProfileSubsystem mOwner = null;
protected IConfigStore mConfig = null;
@@ -145,19 +143,19 @@ public abstract class BasicProfile implements IProfile {
public IProfileAuthenticator getAuthenticator() throws EProfileException {
try {
IAuthSubsystem authSub = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
IProfileAuthenticator auth = (IProfileAuthenticator)
- authSub.get(mAuthInstanceId);
+ authSub.get(mAuthInstanceId);
- if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
- && auth == null) {
- throw new EProfileException("Cannot load " +
+ if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
+ && auth == null) {
+ throw new EProfileException("Cannot load " +
mAuthInstanceId);
}
return auth;
} catch (Exception e) {
if (mAuthInstanceId != null) {
- throw new EProfileException("Cannot load " +
+ throw new EProfileException("Cannot load " +
mAuthInstanceId);
}
return null;
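Review bot: The `catch (Exception e)` in `getAuthenticator` discards `e` in both branches. When `mAuthInstanceId` is set, the rethrown `EProfileException` carries only "Cannot load " plus the id, and when it is null the method returns null with no trace. A failure inside the authentication subsystem can then look the same as a profile with no authenticator configured, which is hard to diagnose on an enrollment path. Logging before either branch, e.g. `CMS.debug("BasicProfile: getAuthenticator " + e.toString());`, keeps the cause visible. The method's closing braces are outside this hunk.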
@@ -167,7 +165,7 @@ public abstract class BasicProfile implements IProfile {
public String getRequestorDN(IRequest request) {
return null;
}
-
+
public String getAuthenticatorId() {
return mAuthInstanceId;
}
@@ -185,7 +183,7 @@ public abstract class BasicProfile implements IProfile {
* Initializes this profile.
*/
public void init(IProfileSubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
CMS.debug("BasicProfile: start init");
mOwner = owner;
mConfig = config;
@@ -214,7 +212,7 @@ public abstract class BasicProfile implements IProfile {
mAuthzAcl = config.getString("authz.acl", "");
} catch (EBaseException e) {
CMS.debug("BasicProfile: authentication class not found " +
- e.toString());
+ e.toString());
}
// handle profile input plugins
@@ -224,7 +222,7 @@ public abstract class BasicProfile implements IProfile {
while (input_st.hasMoreTokens()) {
String input_id = (String) input_st.nextToken();
- String inputClassId = inputStore.getString(input_id + "." +
+ String inputClassId = inputStore.getString(input_id + "." +
PROP_CLASS_ID);
IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
inputClassId);
@@ -234,12 +232,12 @@ public abstract class BasicProfile implements IProfile {
try {
input = (IProfileInput)
- Class.forName(inputClass).newInstance();
+ Class.forName(inputClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: input plugin Class.forName " +
- inputClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: input plugin Class.forName " +
+ inputClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore inputConfig = inputStore.getSubStore(input_id);
input.init(this, inputConfig);
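Review bot: `(IProfileInput) Class.forName(inputClass).newInstance()` instantiates whatever class name the plugin registry returns and checks the type only afterwards, so a mis-registered class has its constructor run before the cast fails. `Class.forName(inputClass).asSubclass(IProfileInput.class).newInstance()` rejects a wrong type before instantiation. The handler also rethrows as `new EBaseException(e.toString())`, which drops the original stack trace. The output and updater plugin hunks below use the same pattern with `IProfileOutput` and `IProfileUpdater`. The enclosing `init` starts and ends outside this hunk.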
@@ -255,7 +253,7 @@ public abstract class BasicProfile implements IProfile {
while (output_st.hasMoreTokens()) {
String output_id = (String) output_st.nextToken();
- String outputClassId = outputStore.getString(output_id + "." +
+ String outputClassId = outputStore.getString(output_id + "." +
PROP_CLASS_ID);
IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
outputClassId);
@@ -265,12 +263,12 @@ public abstract class BasicProfile implements IProfile {
try {
output = (IProfileOutput)
- Class.forName(outputClass).newInstance();
+ Class.forName(outputClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: output plugin Class.forName " +
- outputClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: output plugin Class.forName " +
+ outputClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore outputConfig = outputStore.getSubStore(output_id);
output.init(this, outputConfig);
@@ -286,7 +284,7 @@ public abstract class BasicProfile implements IProfile {
while (updater_st.hasMoreTokens()) {
String updater_id = (String) updater_st.nextToken();
- String updaterClassId = updaterStore.getString(updater_id + "." +
+ String updaterClassId = updaterStore.getString(updater_id + "." +
PROP_CLASS_ID);
IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
updaterClassId);
@@ -296,12 +294,12 @@ public abstract class BasicProfile implements IProfile {
try {
updater = (IProfileUpdater)
- Class.forName(updaterClass).newInstance();
+ Class.forName(updaterClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: updater plugin Class.forName " +
- updaterClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: updater plugin Class.forName " +
+ updaterClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
updater.init(this, updaterConfig);
@@ -325,15 +323,15 @@ public abstract class BasicProfile implements IProfile {
String id = (String) st1.nextToken();
String defaultRoot = id + "." + PROP_DEFAULT;
- String defaultClassId = policyStore.getString(defaultRoot + "." +
+ String defaultClassId = policyStore.getString(defaultRoot + "." +
PROP_CLASS_ID);
String constraintRoot = id + "." + PROP_CONSTRAINT;
- String constraintClassId =
- policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
+ String constraintClassId =
+ policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
- createProfilePolicy(setId, id, defaultClassId,
- constraintClassId, false);
+ createProfilePolicy(setId, id, defaultClassId,
+ constraintClassId, false);
}
}
CMS.debug("BasicProfile: done init");
@@ -380,20 +378,20 @@ public abstract class BasicProfile implements IProfile {
}
public String getInput(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return null;
}
public void setInput(String name, Locale locale, IRequest request,
- String value) throws EProfileException {
+ String value) throws EProfileException {
}
public Enumeration<String> getProfilePolicySetIds() {
return mPolicySet.keys();
}
- public void deleteProfilePolicy(String setId, String policyId)
- throws EProfileException {
+ public void deleteProfilePolicy(String setId, String policyId)
+ throws EProfileException {
Vector<ProfilePolicy> policies = mPolicySet.get(setId);
if (policies == null) {
@@ -443,10 +441,10 @@ public abstract class BasicProfile implements IProfile {
while (st1.hasMoreTokens()) {
String e = st1.nextToken();
- if (!e.equals(setId))
+ if (!e.equals(setId))
newlist1 = newlist1 + e + ",";
}
- if (!newlist1.equals(""))
+ if (!newlist1.equals(""))
newlist1 = newlist1.substring(0, newlist1.length() - 1);
policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
}
@@ -454,8 +452,8 @@ public abstract class BasicProfile implements IProfile {
}
}
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
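Review bot: The `catch (Exception e)` block after `mConfig.commit(false)` is empty, so a failed write of the profile configuration is silent and the in-memory policy set can differ from what is stored. For a certificate profile that means a policy removal can appear to succeed without being persisted. At minimum log it, e.g. `CMS.debug("BasicProfile: commit failed " + e.toString());`. The two following hunks, which update the `input.` and `output.` lists, end in the same empty catch. The enclosing method starts outside this hunk.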
@@ -496,8 +494,8 @@ public abstract class BasicProfile implements IProfile {
mInputs.remove(inputId);
mConfig.putString("input." + PROP_INPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
@@ -537,24 +535,23 @@ public abstract class BasicProfile implements IProfile {
mOutputs.remove(outputId);
mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
}
- public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps)
- throws EProfileException {
- return createProfileOutput(id, outputId, nvps, true);
+ public IProfileOutput createProfileOutput(String id, String outputId,
+ NameValuePairs nvps)
+ throws EProfileException {
+ return createProfileOutput(id, outputId, nvps, true);
}
public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps, boolean createConfig)
+ NameValuePairs nvps, boolean createConfig)
-
- throws EProfileException {
+ throws EProfileException {
IConfigStore outputStore = mConfig.getSubStore("output");
String output_list = null;
@@ -618,7 +615,7 @@ public abstract class BasicProfile implements IProfile {
String prefix = id + ".";
outputStore.putString(prefix + "name",
- outputInfo.getName(Locale.getDefault()));
+ outputInfo.getName(Locale.getDefault()));
outputStore.putString(prefix + "class_id", outputId);
Enumeration<String> enum1 = nvps.getNames();
@@ -628,17 +625,17 @@ public abstract class BasicProfile implements IProfile {
outputStore.putString(prefix + "params." + name, nvps.getValue(name));
try {
- if (output != null) {
- output.setConfig(name, nvps.getValue(name));
- }
+ if (output != null) {
+ output.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -648,15 +645,15 @@ public abstract class BasicProfile implements IProfile {
return output;
}
- public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps)
- throws EProfileException {
- return createProfileInput(id, inputId, nvps, true);
+ public IProfileInput createProfileInput(String id, String inputId,
+ NameValuePairs nvps)
+ throws EProfileException {
+ return createProfileInput(id, inputId, nvps, true);
}
public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps, boolean createConfig)
- throws EProfileException {
+ NameValuePairs nvps, boolean createConfig)
+ throws EProfileException {
IConfigStore inputStore = mConfig.getSubStore("input");
String input_list = null;
@@ -720,10 +717,10 @@ public abstract class BasicProfile implements IProfile {
}
String prefix = id + ".";
- inputStore.putString(prefix + "name",
- inputInfo.getName(Locale.getDefault()));
+ inputStore.putString(prefix + "name",
+ inputInfo.getName(Locale.getDefault()));
inputStore.putString(prefix + "class_id", inputId);
-
+
Enumeration<String> enum1 = nvps.getNames();
while (enum1.hasMoreElements()) {
@@ -731,17 +728,17 @@ public abstract class BasicProfile implements IProfile {
inputStore.putString(prefix + "params." + name, nvps.getValue(name));
try {
- if (input != null) {
- input.setConfig(name, nvps.getValue(name));
- }
+ if (input != null) {
+ input.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -754,33 +751,33 @@ public abstract class BasicProfile implements IProfile {
/**
* Creates a profile policy
*/
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId)
- throws EProfileException {
- return createProfilePolicy(setId, id, defaultClassId,
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId)
+ throws EProfileException {
+ return createProfilePolicy(setId, id, defaultClassId,
constraintClassId, true);
}
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId,
- boolean createConfig)
- throws EProfileException {
-
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId,
+ boolean createConfig)
+ throws EProfileException {
+
// String setId ex: policyset.set1
// String id Id of policy : examples: p1,p2,p3
// String defaultClassId : id of the default plugin ex: validityDefaultImpl
// String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
// boolean createConfig : true : being called from the console. false: being called from server startup code
- Vector<ProfilePolicy> policies = mPolicySet.get(setId);
+ Vector<ProfilePolicy> policies = mPolicySet.get(setId);
IConfigStore policyStore = mConfig.getSubStore("policyset." + setId);
if (policies == null) {
policies = new Vector<ProfilePolicy>();
mPolicySet.put(setId, policies);
- if (createConfig) {
+ if (createConfig) {
// re-create policyset.list
- StringBuffer setlist =new StringBuffer();
+ StringBuffer setlist = new StringBuffer();
Enumeration<String> keys = mPolicySet.keys();
while (keys.hasMoreElements()) {
@@ -794,50 +791,50 @@ public abstract class BasicProfile implements IProfile {
mConfig.putString("policyset.list", setlist.toString());
}
} else {
- String ids = null;
+ String ids = null;
- try {
- ids = policyStore.getString(PROP_POLICY_LIST, "");
- } catch (Exception ee) {
- }
+ try {
+ ids = policyStore.getString(PROP_POLICY_LIST, "");
+ } catch (Exception ee) {
+ }
- if( ids == null ) {
- CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" );
- return null;
- }
+ if (ids == null) {
+ CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
+ return null;
+ }
- StringTokenizer st1 = new StringTokenizer(ids, ",");
- int appearances = 0;
- int appearancesTooMany = 0;
- if (createConfig)
- appearancesTooMany = 1;
- else
- appearancesTooMany = 2;
+ StringTokenizer st1 = new StringTokenizer(ids, ",");
+ int appearances = 0;
+ int appearancesTooMany = 0;
+ if (createConfig)
+ appearancesTooMany = 1;
+ else
+ appearancesTooMany = 2;
- while (st1.hasMoreTokens()) {
- String pid = st1.nextToken();
- if (pid.equals(id)) {
- appearances++;
- if (appearances >= appearancesTooMany) {
- CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId);
- if (createConfig) {
- throw new EProfileException("Duplicate policy id: " + id);
- }
+ while (st1.hasMoreTokens()) {
+ String pid = st1.nextToken();
+ if (pid.equals(id)) {
+ appearances++;
+ if (appearances >= appearancesTooMany) {
+ CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId);
+ if (createConfig) {
+ throw new EProfileException("Duplicate policy id: " + id);
}
}
}
+ }
}
// Now make sure we aren't trying to add a policy that already exists
IConfigStore policySetStore = mConfig.getSubStore("policyset");
- String setlist = null;
+ String setlist = null;
try {
setlist = policySetStore.getString("list", "");
} catch (Exception e) {
}
StringTokenizer st = new StringTokenizer(setlist, ",");
- int matches = 0;
+ int matches = 0;
while (st.hasMoreTokens()) {
String sId = (String) st.nextToken();
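Review bot: `setlist` is initialised to null and the `catch (Exception e)` around `policySetStore.getString("list", "")` is empty, so if that call throws, `new StringTokenizer(setlist, ",")` fails with a NullPointerException rather than an `EProfileException`. The `ids` lookup earlier in this hunk guards the same situation with an explicit null check. Here `String setlist = "";` as the initial value would be enough. The empty `catch (Exception ee)` around the `ids` lookup also hides why the list was unreadable. `createProfilePolicy` starts and ends outside this hunk.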
@@ -846,10 +843,10 @@ public abstract class BasicProfile implements IProfile {
continue;
}
IConfigStore pStore = policySetStore.getSubStore(sId);
-
+
String list = null;
try {
- list = pStore.getString(PROP_POLICY_LIST, "");
+ list = pStore.getString(PROP_POLICY_LIST, "");
} catch (Exception e) {
CMS.debug("WARNING, can't get policy id list!");
}
@@ -862,9 +859,9 @@ public abstract class BasicProfile implements IProfile {
String defaultRoot = curId + "." + PROP_DEFAULT;
String curDefaultClassId = null;
try {
- curDefaultClassId = pStore.getString(defaultRoot + "." +
- PROP_CLASS_ID);
- } catch(Exception e) {
+ curDefaultClassId = pStore.getString(defaultRoot + "." +
+ PROP_CLASS_ID);
+ } catch (Exception e) {
CMS.debug("WARNING, can't get default plugin id!");
}
@@ -879,21 +876,20 @@ public abstract class BasicProfile implements IProfile {
//Disallow duplicate defaults with the following exceptions:
// noDefaultImpl, genericExtDefaultImpl
- if ((curDefaultClassId.equals(defaultClassId) &&
- !curDefaultClassId.equals(PROP_NO_DEFAULT) &&
- !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) {
+ if ((curDefaultClassId.equals(defaultClassId) &&
+ !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) {
matches++;
if (createConfig) {
if (matches == 1) {
- CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
- " Contact System Administrator.");
- throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
+ CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+ " Contact System Administrator.");
+ throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
}
} else {
- if( matches > 1) {
- CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
- " Contact System Administrator.");
+ if (matches > 1) {
+ CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+ " Contact System Administrator.");
}
}
}
@@ -919,8 +915,8 @@ public abstract class BasicProfile implements IProfile {
Class.forName(defaultClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: default policy " +
- defaultClass + " " + e.toString());
+ CMS.debug("BasicProfile: default policy " +
+ defaultClass + " " + e.toString());
}
if (def == null) {
CMS.debug("BasicProfile: failed to create " + defaultClass);
@@ -931,7 +927,7 @@ public abstract class BasicProfile implements IProfile {
def.init(this, defStore);
}
- IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
+ IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
constraintClassId);
String constraintClass = conInfo.getClassName();
IPolicyConstraint constraint = null;
@@ -941,8 +937,8 @@ public abstract class BasicProfile implements IProfile {
Class.forName(constraintClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: constraint policy " +
- constraintClass + " " + e.toString());
+ CMS.debug("BasicProfile: constraint policy " +
+ constraintClass + " " + e.toString());
}
ProfilePolicy policy = null;
if (constraint == null) {
@@ -968,21 +964,21 @@ public abstract class BasicProfile implements IProfile {
} else {
policyStore.putString(PROP_POLICY_LIST, list + "," + id);
}
- policyStore.putString(id + ".default.name",
- defInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".default.class_id",
- defaultClassId);
- policyStore.putString(id + ".constraint.name",
- conInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".constraint.class_id",
- constraintClassId);
+ policyStore.putString(id + ".default.name",
+ defInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".default.class_id",
+ defaultClassId);
+ policyStore.putString(id + ".constraint.name",
+ conInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".constraint.class_id",
+ constraintClassId);
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
policyStore.commit(false);
} catch (EBaseException e) {
- CMS.debug("BasicProfile: commiting config store " +
- e.toString());
+ CMS.debug("BasicProfile: commiting config store " +
+ e.toString());
}
}
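Review bot: A failure of `policyStore.commit(false)` is only written to the debug log in the `catch (EBaseException e)` at the end of this hunk, so the caller cannot tell that the new policy entries and `lastModified` were not persisted. If continuing silently is intended, a comment should say so. Otherwise propagate it, e.g. `throw new EProfileException("BasicProfile: committing config store failed: " + e.toString());`, assuming the enclosing method (its signature is outside the hunk) declares that exception. The `queue.updateRequest(request)` catch in the `EnrollProfile.submit` hunk further down has the same shape.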
@@ -990,7 +986,7 @@ public abstract class BasicProfile implements IProfile {
}
public IProfilePolicy getProfilePolicy(String setId, String id) {
- Vector<ProfilePolicy> policies = mPolicySet.get(setId);
+ Vector<ProfilePolicy> policies = mPolicySet.get(setId);
if (policies == null)
return null;
@@ -1038,7 +1034,7 @@ public abstract class BasicProfile implements IProfile {
* Creates request.
*/
public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
- throws EProfileException;
+ throws EProfileException;
/**
* Returns the profile description.
@@ -1056,19 +1052,19 @@ public abstract class BasicProfile implements IProfile {
}
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
Enumeration<String> ids = getProfileInputIds();
while (ids.hasMoreElements()) {
String id = (String) ids.nextElement();
- IProfileInput input = getProfileInput(id);
+ IProfileInput input = getProfileInput(id);
input.populate(ctx, request);
}
}
public Vector<ProfilePolicy> getPolicies(String setId) {
- Vector<ProfilePolicy> policies = mPolicySet.get(setId);
+ Vector<ProfilePolicy> policies = mPolicySet.get(setId);
return policies;
}
@@ -1076,34 +1072,34 @@ public abstract class BasicProfile implements IProfile {
/**
* Passes the request to the set of default policies that
* populate the profile information against the profile.
- */
+ */
public void populate(IRequest request)
- throws EProfileException {
+ throws EProfileException {
String setId = getPolicySetId(request);
Vector<ProfilePolicy> policies = getPolicies(setId);
- CMS.debug("BasicProfile: populate() policy setid ="+ setId);
+ CMS.debug("BasicProfile: populate() policy setid =" + setId);
for (int i = 0; i < policies.size(); i++) {
ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ policies.elementAt(i);
policy.getDefault().populate(request);
}
}
/**
- * Passes the request to the set of constraint policies
+ * Passes the request to the set of constraint policies
* that validate the request against the profile.
- */
+ */
public void validate(IRequest request)
- throws ERejectException {
+ throws ERejectException {
String setId = getPolicySetId(request);
- CMS.debug("BasicProfile: validate start on setId="+ setId);
+ CMS.debug("BasicProfile: validate start on setId=" + setId);
Vector<ProfilePolicy> policies = getPolicies(setId);
for (int i = 0; i < policies.size(); i++) {
ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ policies.elementAt(i);
policy.getConstraint().validate(request);
}
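Review bot: `populate(IRequest)` and `validate(IRequest)` call `policies.size()` on the result of `getPolicies(setId)` without a null check, although `getProfilePolicy` earlier in this file treats a null `mPolicySet.get(setId)` as possible. A request whose policy set id is not in `mPolicySet` would then fail with a `NullPointerException` instead of a profile error or a rejection. In `populate`, a guard before the loop such as `if (policies == null) throw new EProfileException("BasicProfile: unknown policy set " + setId);` keeps the failure in the declared exception type. `validate` needs the equivalent rejection, and its body continues past the end of this hunk.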
@@ -1130,24 +1126,24 @@ public abstract class BasicProfile implements IProfile {
for (int i = 0; i < policies.size(); i++) {
ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ policies.elementAt(i);
- v.addElement(policy.getId());
+ v.addElement(policy.getId());
}
return v.elements();
}
public void execute(IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "BasicProfile"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1159,20 +1155,20 @@ public abstract class BasicProfile implements IProfile {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "BasicProfile"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1202,4 +1198,3 @@ public abstract class BasicProfile implements IProfile {
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index 681f2b4a..cdaddef5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,103 +27,101 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
* This class implements a Certificate Manager enrollment
* profile for CA Certificates.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CACertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class CACertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
* Called after initialization. It populates default
* policies, inputs, and outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 =
- createProfileInput("i1", "certReqInputImpl", inputParams1);
+ IProfileInput input1 =
+ createProfileInput("i1", "certReqInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 =
- createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+ IProfileInput input2 =
+ createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ IProfileOutput output1 =
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
// create policies
IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
+ defConfig4.putString("params.signingAlg", "-");
defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
// extensions
IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","true");
- defConfig5.putString("params.keyUsageDataEncipherment","false");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","true");
- defConfig5.putString("params.keyUsageKeyEncipherment","false");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "true");
+ defConfig5.putString("params.keyUsageDataEncipherment", "false");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "true");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "false");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
IProfilePolicy policy6 =
- createProfilePolicy("set1", "p6",
- "basicConstraintsExtDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p6",
+ "basicConstraintsExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def6 = policy6.getDefault();
IConfigStore defConfig6 = def6.getConfigStore();
- defConfig6.putString("params.basicConstraintsPathLen","-1");
- defConfig6.putString("params.basicConstraintsIsCA","true");
- defConfig6.putString("params.basicConstraintsPathLen","-1");
+ defConfig6.putString("params.basicConstraintsPathLen", "-1");
+ defConfig6.putString("params.basicConstraintsIsCA", "true");
+ defConfig6.putString("params.basicConstraintsPathLen", "-1");
IPolicyConstraint con6 = policy6.getConstraint();
IConfigStore conConfig6 = con6.getConfigStore();
}
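Review bot: The defaults populated for this CA-certificate profile accept weak cryptography: `params.keyMinLength` is `512`, and `params.signingAlgsAllowed` includes `MD5withRSA` and `MD2withRSA` alongside `SHA1withRSA`. These values seed a profile that sets `params.basicConstraintsIsCA` to `true`, and every policy here is paired with `noConstraintImpl`, so nothing visible in this method tightens them. Raise the minimum, e.g. `defConfig3.putString("params.keyMinLength", "2048");`, and restrict the allowed list to the SHA-2 entries already present. `params.basicConstraintsPathLen` is also written twice with the same value, so the second call can be removed.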
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 32cd51b5..aa18acd3 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -41,27 +40,24 @@ import com.netscape.certsrv.profile.IProfileUpdater;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
-
/**
* This class implements a Certificate Manager enrollment
* profile.
- *
+ *
* @version $Revision$, $Date$
*/
public class CAEnrollProfile extends EnrollProfile {
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
-
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAEnrollProfile() {
super();
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ IAuthority authority = (IAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (authority == null)
return null;
@@ -70,17 +66,17 @@ public class CAEnrollProfile extends EnrollProfile {
public X500Name getIssuerName() {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X500Name issuerName = ca.getX500Name();
return issuerName;
}
public void execute(IRequest request)
- throws EProfileException {
+ throws EProfileException {
long startTime = CMS.getCurrentDate().getTime();
-
+
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
throw new EProfileException("Profile Not Enabled");
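Review bot: `getIssuerName()` dereferences `ca` immediately after casting `CMS.getSubsystem(CMS.SUBSYSTEM_CA)`, while `getAuthority()` just above checks the same lookup for null. If the CA subsystem can be absent, `ca.getX500Name()` throws a `NullPointerException`. Add a guard such as `if (ca == null) return null;`, or a comment stating why the subsystem is guaranteed at this point. The `execute` method that begins in this hunk continues outside it.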
@@ -91,14 +87,13 @@ public class CAEnrollProfile extends EnrollProfile {
String auditRequesterID = auditRequesterID(request);
String auditArchiveID = ILogger.UNIDENTIFIED;
-
String id = request.getRequestId().toString();
if (id != null) {
auditArchiveID = id.trim();
}
- CMS.debug("CAEnrollProfile: execute reqId=" +
- request.getRequestId().toString());
+ CMS.debug("CAEnrollProfile: execute reqId=" +
+ request.getRequestId().toString());
ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
ICAService caService = (ICAService) ca.getCAService();
@@ -113,41 +108,39 @@ public class CAEnrollProfile extends EnrollProfile {
// do not archive keys for renewal requests
if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
PKIArchiveOptions options = (PKIArchiveOptions)
- toPKIArchiveOptions(optionsData);
+ toPKIArchiveOptions(optionsData);
if (options != null) {
CMS.debug("CAEnrollProfile: execute found " +
- "PKIArchiveOptions");
+ "PKIArchiveOptions");
try {
IConnector kraConnector = caService.getKRAConnector();
if (kraConnector == null) {
CMS.debug("CAEnrollProfile: KRA connector " +
- "not configured");
+ "not configured");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
-
+
} else {
CMS.debug("CAEnrollProfile: execute send request");
kraConnector.send(request);
-
-
// check response
if (!request.isSuccess()) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
throw new ERejectException(
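Review bot: When `caService.getKRAConnector()` returns null, the visible branch records a FAILURE audit event for the archive request and then leaves the `if` without rejecting the request. Unless code outside this hunk stops it, a request that carried `PKIArchiveOptions` could continue to issuance with no key archived. The `!request.isSuccess()` branch below throws `ERejectException` after auditing, and the missing-connector branch should probably do the same after `audit(auditMessage)`. If continuing is intentional, a comment on that branch should say so. `execute` starts and ends outside this hunk.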
@@ -155,17 +148,16 @@ public class CAEnrollProfile extends EnrollProfile {
}
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
}
} catch (Exception e) {
-
if (e instanceof ERejectException) {
throw (ERejectException) e;
}
@@ -194,12 +186,12 @@ public class CAEnrollProfile extends EnrollProfile {
sc.put("profileId", getId());
String setId = request.getExtDataInString("profileSetId");
if (setId != null) {
- sc.put("profileSetId", setId);
+ sc.put("profileSetId", setId);
}
try {
theCert = caService.issueX509Cert(info, getId() /* profileId */,
- id /* requestId */);
+ id /* requestId */);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -211,24 +203,24 @@ public class CAEnrollProfile extends EnrollProfile {
String initiative = AuditFormat.FROMAGENT
+ " userID: "
- + (String)sc.get(SessionContext.USER_ID);
- String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID);
+ + (String) sc.get(SessionContext.USER_ID);
+ String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
ILogger logger = CMS.getLogger();
- if( logger != null ) {
- logger.log( ILogger.EV_AUDIT,
- ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
- new Object[] {
- request.getRequestType(),
- request.getRequestId(),
- initiative,
- authMgr,
- "completed",
- theCert.getSubjectDN(),
- "cert issued serial number: 0x" +
- theCert.getSerialNumber().toString(16) +
- " time: " + (endTime - startTime) }
- );
+ if (logger != null) {
+ logger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
+ new Object[] {
+ request.getRequestType(),
+ request.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ theCert.getSubjectDN(),
+ "cert issued serial number: 0x" +
+ theCert.getSerialNumber().toString(16) +
+ " time: " + (endTime - startTime) }
+ );
}
request.setRequestStatus(RequestStatus.COMPLETE);
@@ -236,9 +228,9 @@ public class CAEnrollProfile extends EnrollProfile {
// notifies updater plugins
Enumeration updaterIds = getProfileUpdaterIds();
while (updaterIds.hasMoreElements()) {
- String updaterId = (String)updaterIds.nextElement();
- IProfileUpdater updater = getProfileUpdater(updaterId);
- updater.update(request, RequestStatus.COMPLETE);
+ String updaterId = (String) updaterIds.nextElement();
+ IProfileUpdater updater = getProfileUpdater(updaterId);
+ updater.update(request, RequestStatus.COMPLETE);
}
// set value for predicate value - checking in getRule
@@ -248,4 +240,3 @@ public class CAEnrollProfile extends EnrollProfile {
request.setExtData("isEncryptionCert", "false");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8bc6f190..44d7454e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cmsutil.util.HMACDigest;
-
/**
* This class implements a generic enrollment profile.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollProfile extends BasicProfile
- implements IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile
+ implements IEnrollProfile {
private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
private PKIData mCMCData;
+
public EnrollProfile() {
super();
}
@@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile
* Creates request.
*/
public IRequest[] createRequests(IProfileContext context, Locale locale)
- throws EProfileException {
+ throws EProfileException {
EnrollProfileContext ctx = (EnrollProfileContext) context;
// determine how many requests should be created
- String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
+ String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
String cert_request = ctx.get(CTX_CERT_REQUEST);
String is_renewal = ctx.get(CTX_RENEWAL);
Integer renewal_seq_num = 0;
@@ -175,10 +174,9 @@ public abstract class EnrollProfile extends BasicProfile
if (renewal_seq_num_str != null) {
renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
} else {
- renewal_seq_num =0;
+ renewal_seq_num = 0;
}
}
-
// populate requests with appropriate content
IRequest result[] = new IRequest[num_requests];
@@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < num_requests; i++) {
result[i] = createEnrollmentRequest();
if ((is_renewal != null) && (is_renewal.equals("true"))) {
- result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
+ result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
} else {
result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
}
@@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile
48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
-122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
- 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
+ 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24,
-104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
-78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
- -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
+ -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 };
// default values into x509 certinfo. This thing is
// not serializable by default
try {
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(new BigInteger("0")));
- info.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(issuerName));
+ info.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(new BigInteger("0")));
+ info.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(issuerName));
info.set(X509CertInfo.KEY,
- new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(issuerName));
- info.set(X509CertInfo.VALIDITY,
- new CertificateValidity(new Date(), new Date()));
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId("MD5withRSA")));
+ new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(issuerName));
+ info.set(X509CertInfo.VALIDITY,
+ new CertificateValidity(new Date(), new Date()));
+ info.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(
+ AlgorithmId.getAlgorithmId("MD5withRSA")));
// add default extension container
- info.set(X509CertInfo.EXTENSIONS,
- new CertificateExtensions());
+ info.set(X509CertInfo.EXTENSIONS,
+ new CertificateExtensions());
} catch (Exception e) {
// throw exception - add key to template
CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
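Review bot: The template built here is filled with placeholder values, but only the comment `// default values into x509 certinfo` hints at that. The placeholders are serial `0`, the hard-coded `dummykey`, a subject equal to the issuer, identical start and end dates, and `AlgorithmId.getAlgorithmId("MD5withRSA")`. Add a comment stating that these fields are expected to be overwritten by the profile's policy defaults before signing, e.g. `// placeholders only: key, subject, validity and algorithm must be replaced by policy defaults`. Also consider a non-MD5 placeholder, since this hunk does not show whether a profile without a signing-algorithm default would keep the MD5 value. The enclosing method starts before this hunk.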
@@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public IRequest createEnrollmentRequest()
- throws EProfileException {
+ throws EProfileException {
IRequest req = null;
try {
@@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public abstract void execute(IRequest request)
- throws EProfileException;
+ throws EProfileException;
/**
* Perform simple policy set assignment.
@@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile
try {
CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -308,11 +306,11 @@ public abstract class EnrollProfile extends BasicProfile
}
/**
- * This method is called after the user submits the
+ * This method is called after the user submits the
* request from the end-entity page.
*/
public void submit(IAuthToken token, IRequest request)
- throws EDeferException, EProfileException {
+ throws EDeferException, EProfileException {
// Request Submission Logic:
//
// if (Authentication Failed) {
@@ -325,18 +323,18 @@ public abstract class EnrollProfile extends BasicProfile
// }
// }
- IAuthority authority = (IAuthority)
- getAuthority();
+ IAuthority authority = (IAuthority)
+ getAuthority();
IRequestQueue queue = authority.getRequestQueue();
- // this profile queues request that is authenticated
- // by NoAuth
- try {
- queue.updateRequest(request);
- } catch (EBaseException e) {
- // save request to disk
- CMS.debug("EnrollProfile: Update request " + e.toString());
- }
+ // this profile queues request that is authenticated
+ // by NoAuth
+ try {
+ queue.updateRequest(request);
+ } catch (EBaseException e) {
+ // save request to disk
+ CMS.debug("EnrollProfile: Update request " + e.toString());
+ }
if (token == null) {
CMS.debug("EnrollProfile: auth token is null");
@@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public TaggedRequest[] parseCMC(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile: parseCMC() certreq null");
@@ -374,15 +372,15 @@ public abstract class EnrollProfile extends BasicProfile
try {
byte data[] = CMS.AtoB(creq);
ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(data);
-
+ new ByteArrayInputStream(data);
+
org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
- org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent();
+ org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
OCTET_STRING content = ci.getContent();
-
+
ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
@@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile
if (numcontrols > 0) {
context.put("numOfControls", Integer.valueOf(numcontrols));
TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
- for (int i=0; i<numcontrols; i++) {
- attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
+ for (int i = 0; i < numcontrols; i++) {
+ attributes[i] = (TaggedAttribute) controlSeq.elementAt(i);
OBJECT_IDENTIFIER oid = attributes[i].getType();
if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
- boolean valid = verifyIdentityProof(attributes[i],
- reqSeq);
+ boolean valid = verifyIdentityProof(attributes[i],
+ reqSeq);
if (!valid) {
- SEQUENCE bpids = getRequestBpids(reqSeq);
+ SEQUENCE bpids = getRequestBpids(reqSeq);
context.put("identityProof", bpids);
return null;
}
} else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
SET vals = attributes[i].getValues();
- OCTET_STRING ostr =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING ostr =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
randomSeed = ostr.toByteArray();
} else {
context.put(attributes[i].getType(), attributes[i]);
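Review bot: In the `id_cmc_idPOPLinkRandom` branch, `vals.elementAt(0)` is read from a control attribute of the submitted request without checking `vals.size()`. `verifyPOPLinkWitness` guards the equivalent access with `witnessVal.size() > 0`. An empty value set would surface as an exception from the decode path rather than a deliberate rejection, so add a `vals.size() > 0` check before the decode and fail the request explicitly when it is not met. How the surrounding `try` in `parseCMC` handles that exception is outside this hunk.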
@@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile
}
}
}
-
+
SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
int numOtherMsgs = otherMsgSeq.size();
if (!context.containsKey("numOfOtherMsgs")) {
context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
- for (int i=0; i<numOtherMsgs; i++) {
- OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
- ASN1Util.encode(otherMsgSeq.elementAt(i))));
- context.put("otherMsg"+i, omsg);
+ for (int i = 0; i < numOtherMsgs; i++) {
+ OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(),
+ ASN1Util.encode(otherMsgSeq.elementAt(i))));
+ context.put("otherMsg" + i, omsg);
}
}
-
+
int nummsgs = reqSeq.size();
if (nummsgs > 0) {
msgs = new TaggedRequest[reqSeq.size()];
@@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile
valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
if (!valid || bpids.size() > 0) {
context.put("POPLinkWitness", bpids);
- return null;
+ return null;
}
}
}
@@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile
}
private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
- SEQUENCE bpids) {
+ SEQUENCE bpids) {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
String name = null;
@@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile
}
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
sharedSecretFound = false;
}
@@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile
String sharedSecret = null;
if (tokenClass != null)
sharedSecret = tokenClass.getSharedToken(mCMCData);
- if (req.getType().equals(TaggedRequest.PKCS10)) {
+ if (req.getType().equals(TaggedRequest.PKCS10)) {
TaggedCertificationRequest tcr = req.getTcr();
if (!sharedSecretFound) {
bpids.addElement(tcr.getBodyPartID());
@@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile
CertificationRequest creq = tcr.getCertificationRequest();
CertificationRequestInfo cinfo = creq.getInfo();
SET attrs = cinfo.getAttributes();
- for (int j=0; j<attrs.size(); j++) {
- Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
+ for (int j = 0; j < attrs.size(); j++) {
+ Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
SET witnessVal = pkcs10Attr.getValues();
if (witnessVal.size() > 0) {
try {
OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(witnessVal.elementAt(0))));
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(witnessVal.elementAt(0))));
bv = str.toByteArray();
return verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
} catch (InvalidBERException ex) {
return false;
}
}
- }
+ }
}
-
+
return false;
}
} else if (req.getType().equals(TaggedRequest.CRMF)) {
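Review bot: `sharedSecret.getBytes()` in the PKCS10 branch can be reached while `sharedSecret` is still null. It is assigned only when `tokenClass != null`, and nothing visible checks the value returned by `tokenClass.getSharedToken(mCMCData)`. A null there throws `NullPointerException` in the middle of witness verification, so fail closed before the attribute loop, e.g. `if (sharedSecret == null) { bpids.addElement(tcr.getBodyPartID()); return false; }`. The no-argument `getBytes()` also uses the platform charset, so the derived HMAC key can differ between hosts for non-ASCII secrets. The CRMF branch later in the method makes the same call.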
@@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
ASN1Value value = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(value));
+ ASN1Util.encode(value));
OCTET_STRING ostr = null;
try {
ostr = (OCTET_STRING)
- (new OCTET_STRING.Template()).decode(bis);
+ (new OCTET_STRING.Template()).decode(bis);
bv = ostr.toByteArray();
} catch (Exception e) {
bpids.addElement(reqId);
@@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile
}
boolean valid = verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
if (!valid) {
bpids.addElement(reqId);
return valid;
@@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key = SHA1Digest.digest(sharedSecret);
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile
hmacDigest.update(text);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile
return false;
}
- for (int j=0; j<bv.length; j++) {
+ for (int j = 0; j < bv.length; j++) {
if (bv[j] != finalDigest[j]) {
- CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+ CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
return false;
}
}
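Review bot: The loop `if (bv[j] != finalDigest[j]) { ... return false; }` stops at the first differing byte, so its running time depends on how many leading bytes of the request-supplied witness match the expected HMAC. `MessageDigest` is already used in this method, so the loop can be replaced with `if (!MessageDigest.isEqual(bv, finalDigest)) { CMS.debug(...); return false; }`. That comparison is time-constant on JDK 6u17 and later, and it also handles unequal lengths. The enclosing method starts and ends outside this hunk.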
@@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile
else {
ISharedToken tokenClass = null;
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
return false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
return false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
return false;
}
-
+
String token = tokenClass.getSharedToken(mCMCData);
OCTET_STRING ostr = null;
try {
- ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
CMS.debug("EnrollProfile: Failed to decode the byte value.");
return false;
@@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile
}
public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ IRequest req)
+ throws EProfileException {
TaggedRequest.Type type = tagreq.getType();
- if (type.equals(TaggedRequest.PKCS10)) {
+ if (type.equals(TaggedRequest.PKCS10)) {
try {
- TaggedCertificationRequest tcr = tagreq.getTcr();
- CertificationRequest p10 = tcr.getCertificationRequest();
- ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ TaggedCertificationRequest tcr = tagreq.getTcr();
+ CertificationRequest p10 = tcr.getCertificationRequest();
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- p10.encode(ostream);
+ p10.encode(ostream);
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
req.setExtData("bodyPartId", tcr.getBodyPartID());
fillPKCS10(locale, pkcs10, info, req);
} catch (Exception e) {
- CMS.debug("EnrollProfile: fillTaggedRequest " +
- e.toString());
+ CMS.debug("EnrollProfile: fillTaggedRequest " +
+ e.toString());
}
- } else if (type.equals(TaggedRequest.CRMF)) {
- CertReqMsg crm = tagreq.getCrm();
+ } else if (type.equals(TaggedRequest.CRMF)) {
+ CertReqMsg crm = tagreq.getCrm();
SessionContext context = SessionContext.getContext();
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
// check if the LRA POP Witness Control attribute exists
if (nums != null && nums.intValue() > 0) {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ TaggedAttribute attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
parseLRAPopWitness(locale, crm, attr);
} else {
@@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile
}
}
- private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
- TaggedAttribute attr) throws EProfileException {
+ private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+ TaggedAttribute attr) throws EProfileException {
SET vals = attr.getValues();
boolean donePOP = false;
INTEGER reqId = null;
if (vals.size() > 0) {
LraPopWitness lraPop = null;
try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
reqId = crm.getCertReq().getCertReqId();
- for (int i=0; i<bodyIds.size(); i++) {
- INTEGER num = (INTEGER)(bodyIds.elementAt(i));
+ for (int i = 0; i < bodyIds.size(); i++) {
+ INTEGER num = (INTEGER) (bodyIds.elementAt(i));
if (num.toString().equals(reqId.toString())) {
donePOP = true;
- CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
+ CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found.");
break;
}
}
}
if (!donePOP) {
- CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
+ CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control.");
verifyPOP(locale, crm);
}
}
public CertReqMsg[] parseCRMF(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
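Review bot: In `parseLRAPopWitness`, `reqId` is only assigned inside `if (vals.size() > 0)`, but the `!donePOP` branch calls `reqId.toString()` in its debug message. An LRA POP Witness control with an empty value set therefore raises a NullPointerException before `verifyPOP(locale, crm)` runs, instead of the declared `EProfileException`. Moving `reqId = crm.getCertReq().getCertReqId();` above the `if (vals.size() > 0)` block keeps the log line valid and lets POP verification proceed on that path.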
@@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile
try {
byte data[] = CMS.AtoB(creq);
ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(data);
+ new ByteArrayInputStream(data);
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new
- CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new
+ CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0)
@@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile
}
private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
- new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+ );
- protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
- ASN1Value archVal = ava.getValue();
+ protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+ ASN1Value archVal = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(archVal));
+ ASN1Util.encode(archVal));
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
+ try {
+ archOpts = (PKIArchiveOptions)
(new PKIArchiveOptions.Template()).decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
@@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile
ByteArrayInputStream bis = new ByteArrayInputStream(options);
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
+ try {
+ archOpts = (PKIArchiveOptions)
(new PKIArchiveOptions.Template()).decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
@@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile
return archOpts;
}
- public byte[] toByteArray(PKIArchiveOptions options) {
+ public byte[] toByteArray(PKIArchiveOptions options) {
return ASN1Util.encode(options);
}
public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ IRequest req)
+ throws EProfileException {
try {
CMS.debug("Start parseCertReqMsg ");
CertRequest certReq = certReqMsg.getCertReq();
@@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
+ if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
PKIArchiveOptions opt = getPKIArchiveOptions(ava);
//req.set(REQUEST_ARCHIVE_OPTIONS, opt);
- req.setExtData(REQUEST_ARCHIVE_OPTIONS,
- toByteArray(opt));
+ req.setExtData(REQUEST_ARCHIVE_OPTIONS,
+ toByteArray(opt));
}
}
@@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile
// parse validity
if (certTemplate.getNotBefore() != null ||
- certTemplate.getNotAfter() != null) {
+ certTemplate.getNotAfter() != null) {
CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore());
CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter());
CMS.debug("EnrollProfile: current CA time: " + new Date());
@@ -874,7 +872,7 @@ public abstract class EnrollProfile extends BasicProfile
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
@@ -886,18 +884,20 @@ public abstract class EnrollProfile extends BasicProfile
req.setExtData(REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subject));
try {
- String subjectCN = subject.getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = subject.getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
}
try {
String subjectUID = subject.getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
}
}
@@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile
for (int j = 0; j < numexts; j++) {
org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
@@ -932,17 +932,17 @@ public abstract class EnrollProfile extends BasicProfile
oidNumbers[k] = (int) numbers[k];
}
ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
+ new ObjectIdentifier(oidNumbers);
org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
+ jssext.getExtnValue();
ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
Extension ext =
- new Extension(oid, isCritical, extValue);
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
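Review bot: `oidNumbers[k] = (int) numbers[k];` narrows each OID arc from `long` to `int` without a range check, so an arc above `Integer.MAX_VALUE` in a requested extension is silently truncated. The `ObjectIdentifier` handed to `extensions.parseExtension(ext)` can then name a different extension than the one the request carried. A guard before the cast would reject such templates, for example `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));`. The loop header and the enclosing method lie outside this hunk.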
@@ -965,7 +965,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public PKCS10 parsePKCS10(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile:parsePKCS10() certreq null");
@@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile
CMS.debug("EnrollProfile: parsePKCS10: use internal token");
signToken = cm.getInternalCryptoToken();
} else {
- CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
+ CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
signToken = cm.getTokenByName(tokenName);
}
CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
- throws EProfileException {
+ throws EProfileException {
X509Key key = pkcs10.getSubjectPublicKeyInfo();
try {
@@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(pkcs10.getSubjectName()));
try {
- String subjectCN = pkcs10.getSubjectName().getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = pkcs10.getSubjectName().getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
}
try {
String subjectUID = pkcs10.getSubjectName().getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
}
info.set(X509CertInfo.KEY, certKey);
@@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile
PKCS10Attributes p10Attrs = pkcs10.getAttributes();
if (p10Attrs != null) {
PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension");
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ CMS.debug("Found PKCS10 extension");
Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
@@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile
}
} else {
CMS.debug("PKCS10 extension Not Found");
- }
- }
+ }
+ }
CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
} catch (IOException e) {
@@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile
}
}
+ // for netkey
+ public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- // for netkey
- public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("screenname", sn);
+ // keeping "aoluid" to be backward compatible
+ req.setExtData("aoluid", sn);
+ req.setExtData("uid", sn);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
-
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("screenname", sn);
- // keeping "aoluid" to be backward compatible
- req.setExtData("aoluid", sn);
- req.setExtData("uid", sn);
- CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
-
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
throw new EProfileException(
CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
}
+ }
- // for house key
- public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ // for house key
+ public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("tokencuid", tcuid);
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("tokencuid", tcuid);
- CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
throw new EProfileException(
CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
}
-
+ }
public DerInputStream parseKeyGen(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
byte data[] = CMS.AtoB(certreq);
DerInputStream derIn = new DerInputStream(data);
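Review bot: The success-path debug line in `fillNSHKEY` still reports itself as `fillNSNKEY()`, and both methods spell the class `EnrollPrifile`, so searching the debug log by method or class name mis-attributes or misses these enrollments. Since the lines are being touched anyway, they could read `CMS.debug("EnrollProfile: fillNSHKEY(): tokencuid=" + tcuid);` and `CMS.debug("EnrollProfile: fillNSNKEY(): uid=" + sn);`. Both `catch (Exception e)` blocks also log only `e.toString()` and rethrow an `EProfileException` without the cause, which discards the stack trace of a key-decoding failure.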
@@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile
}
public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
- )
- throws EProfileException {
+ )
+ throws EProfileException {
try {
/* get SPKAC Algorithm & Signature */
@@ -1229,27 +1230,26 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Populate input
* <P>
- *
- * (either all "agent" profile cert requests NOT made through a connector,
- * or all "EE" profile cert requests NOT made through a connector)
+ *
+ * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
- * profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
* </ul>
+ *
* @param ctx profile context
* @param request the certificate request
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
super.populateInput(ctx, request);
}
public void populate(IRequest request)
- throws EProfileException {
+ throws EProfileException {
super.populate(request);
}
@@ -1259,7 +1259,7 @@ public abstract class EnrollProfile extends BasicProfile
* that validate the request against the profile.
*/
public void validate(IRequest request)
- throws ERejectException {
+ throws ERejectException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(request);
@@ -1272,7 +1272,7 @@ public abstract class EnrollProfile extends BasicProfile
try {
CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize" it
@@ -1348,12 +1348,12 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is inherited by all extended "EnrollProfile"s,
* and is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1379,12 +1379,12 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is inherited by all extended "EnrollProfile"s,
* and is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
+ throws EProfileException {
CMS.debug("EnrollProfile ::in verifyPOP");
String auditMessage = null;
@@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
- CMS.debug("POP verification using token:"+ tokenName);
+ CMS.debug("POP verification using token:" + tokenName);
verifyToken = cm.getTokenByName(tokenName);
certReqMsg.verify(verifyToken);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS);
+ audit(auditMessage);
} catch (Exception e) {
- CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug("Failed POP verify! " + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new EProfileException(CMS.getUserMessage(locale,
"CMS_POP_VERIFICATION_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
index 199aa794..3610520f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.profile.IProfileContext;
-
/**
* This class implements an enrollment profile context
* that carries information for request creation.
- *
+ *
* @version $Revision$, $Date$
*/
-public class EnrollProfileContext extends ProfileContext
- implements IProfileContext {
+public class EnrollProfileContext extends ProfileContext
+ implements IProfileContext {
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
index 147d9c82..7a275b1e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
@@ -17,15 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Hashtable;
import com.netscape.certsrv.profile.IProfileContext;
-
/**
* This class implements the profile context.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileContext implements IProfileContext {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
index a0f0ed25..a8a90aef 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.profile.IPolicyConstraint;
import com.netscape.certsrv.profile.IPolicyDefault;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
* This class implements a profile policy that
* contains a default policy and a constraint
* policy.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfilePolicy implements IProfilePolicy {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
index f82e7313..ed028cee 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -35,11 +34,10 @@ import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestStatus;
-
/**
- * This class implements a Registration Manager
+ * This class implements a Registration Manager
* enrollment profile.
- *
+ *
* @version $Revision$, $Date$
*/
public class RAEnrollProfile extends EnrollProfile {
@@ -49,8 +47,8 @@ public class RAEnrollProfile extends EnrollProfile {
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IAuthority authority = (IAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (authority == null)
return null;
@@ -59,15 +57,14 @@ public class RAEnrollProfile extends EnrollProfile {
public X500Name getIssuerName() {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
X500Name issuerName = ra.getX500Name();
return issuerName;
}
public void execute(IRequest request)
- throws EProfileException {
-
+ throws EProfileException {
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
@@ -75,14 +72,13 @@ public class RAEnrollProfile extends EnrollProfile {
}
IRegistrationAuthority ra =
- (IRegistrationAuthority) getAuthority();
+ (IRegistrationAuthority) getAuthority();
IRAService raService = (IRAService) ra.getRAService();
if (raService == null) {
throw new EProfileException("No RA Service");
}
-
IRequestQueue queue = ra.getRequestQueue();
// send request to CA
@@ -94,13 +90,13 @@ public class RAEnrollProfile extends EnrollProfile {
} else {
caConnector.send(request);
// check response
- if (!request.isSuccess()) {
+ if (!request.isSuccess()) {
CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
request.setRequestStatus(RequestStatus.SVC_PENDING);
try {
- queue.updateRequest(request);
+ queue.updateRequest(request);
} catch (EBaseException e) {
CMS.debug("RAEnrollProfile: Update request " + e.toString());
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
index 4a18ff14..f71d8b23 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,91 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
* This class implements a Certificate Manager enrollment
* profile for Server Certificates.
- *
+ *
* @version $Revision$, $Date$
*/
-public class ServerCertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class ServerCertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
* Called after initialization. It populates default
* policies, inputs, and outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
IProfileInput input1 =
- createProfileInput("i1", "certReqInputImpl", inputParams1);
+ createProfileInput("i1", "certReqInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
IProfileInput input2 =
- createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+ createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
+ defConfig4.putString("params.signingAlg", "-");
defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
- IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
- IPolicyDefault def5 = policy5.getDefault();
- IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","false");
- defConfig5.putString("params.keyUsageDataEncipherment","true");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","false");
- defConfig5.putString("params.keyUsageKeyEncipherment","true");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
- IPolicyConstraint con5 = policy5.getConstraint();
+ IProfilePolicy policy5 =
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def5 = policy5.getDefault();
+ IConfigStore defConfig5 = def5.getConfigStore();
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "false");
+ defConfig5.putString("params.keyUsageDataEncipherment", "true");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "false");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
+ IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
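Review bot: The defaults populated for the server-certificate profile allow weak cryptography: `params.keyMinLength` is `"512"` and `params.signingAlgsAllowed` still lists `MD5withRSA` and `MD2withRSA`. Every policy here is paired with `noConstraintImpl`, so nothing visible in `populate()` narrows these values afterwards; whether a deployed profile overrides them cannot be seen from this hunk. Consider `defConfig3.putString("params.keyMinLength", "2048");` and removing the MD2 and MD5 entries from the allowed list. A comment noting that these are template values to be tightened per deployment would also help.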
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
index 7d4254bf..34cd4bf5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,94 +27,92 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
* This class implements a Certificate Manager enrollment
* profile for User Certificates.
- *
+ *
* @version $Revision$, $Date$
*/
-public class UserCertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class UserCertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
* Called after initialization. It populates default
* policies, inputs, and outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
IProfileInput input1 =
- createProfileInput("i1", "keyGenInputImpl", inputParams1);
+ createProfileInput("i1", "keyGenInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
IProfileInput input2 =
- createProfileInput("i2", "subjectNameInputImpl", inputParams2);
+ createProfileInput("i2", "subjectNameInputImpl", inputParams2);
NameValuePairs inputParams3 = new NameValuePairs();
IProfileInput input3 =
- createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
+ createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
// create policies
IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
- IPolicyDefault def1 = policy1.getDefault();
- IConfigStore defConfig1 = def1.getConfigStore();
- IPolicyConstraint con1 = policy1.getConstraint();
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def1 = policy1.getDefault();
+ IConfigStore defConfig1 = def1.getConfigStore();
+ IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
- IPolicyDefault def2 = policy2.getDefault();
- IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
- IPolicyConstraint con2 = policy2.getConstraint();
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def2 = policy2.getDefault();
+ IConfigStore defConfig2 = def2.getConfigStore();
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
+ IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
- IPolicyDefault def3 = policy3.getDefault();
- IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
- IPolicyConstraint con3 = policy3.getConstraint();
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def3 = policy3.getDefault();
+ IConfigStore defConfig3 = def3.getConfigStore();
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
+ IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
- IPolicyDefault def4 = policy4.getDefault();
- IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def4 = policy4.getDefault();
+ IConfigStore defConfig4 = def4.getConfigStore();
+ defConfig4.putString("params.signingAlg", "-");
defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
- IPolicyConstraint con4 = policy4.getConstraint();
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","false");
- defConfig5.putString("params.keyUsageDataEncipherment","false");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","false");
- defConfig5.putString("params.keyUsageKeyEncipherment","true");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "false");
+ defConfig5.putString("params.keyUsageDataEncipherment", "false");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "false");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
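Review bot: The defaults on the new side of populate() still accept 512-bit RSA keys (`params.keyMinLength` set to `"512"`) and still list `MD5withRSA` and `MD2withRSA` in `params.signingAlgsAllowed`. A user-certificate profile populated from this method therefore permits key sizes and digests that are too weak for certificate issuance, and every policy uses `noConstraintImpl`, so nothing visible here narrows them later. Since these lines are being rewritten anyway, raise the floor, e.g. `defConfig3.putString("params.keyMinLength", "2048");`, and remove the MD2/MD5 entries from the allowed list. Separately, `input3` is created with `inputParams2` while `inputParams3` is never used, which looks like a copy-paste slip.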
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index 4e4c2f60..30352278 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,24 +39,23 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the basic constraints extension constraint.
* It checks if the basic constraint in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class BasicConstraintsExtConstraint extends EnrollConstraint {
- public static final String CONFIG_CRITICAL =
- "basicConstraintsCritical";
- public static final String CONFIG_IS_CA =
- "basicConstraintsIsCA";
- public static final String CONFIG_MIN_PATH_LEN =
- "basicConstraintsMinPathLen";
- public static final String CONFIG_MAX_PATH_LEN =
- "basicConstraintsMaxPathLen";
+ public static final String CONFIG_CRITICAL =
+ "basicConstraintsCritical";
+ public static final String CONFIG_IS_CA =
+ "basicConstraintsIsCA";
+ public static final String CONFIG_MIN_PATH_LEN =
+ "basicConstraintsMinPathLen";
+ public static final String CONFIG_MAX_PATH_LEN =
+ "basicConstraintsMaxPathLen";
public BasicConstraintsExtConstraint() {
super();
@@ -71,25 +69,25 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
* Initializes this constraint plugin.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_IS_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(CONFIG_MIN_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
"-1",
CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
} else if (name.equals(CONFIG_MAX_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
"100",
CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
}
@@ -101,20 +99,20 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateExtensions exts = null;
try {
BasicConstraintsExtension ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
+ info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
// check criticality
@@ -125,10 +123,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
if (critical != ext.isCritical()) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
value = getConfig(CONFIG_IS_CA);
if (!isOptional(value)) {
boolean isCA = getBoolean(value);
@@ -136,10 +134,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
if (isCA != extIsCA.booleanValue()) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
}
- }
+ }
value = getConfig(CONFIG_MIN_PATH_LEN);
if (!isOptional(value)) {
int pathLen = getInt(value);
@@ -148,8 +146,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
if (pathLen > extPathLen.intValue()) {
CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
}
}
value = getConfig(CONFIG_MAX_PATH_LEN);
@@ -160,17 +158,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
if (pathLen < extPathLen.intValue()) {
CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
}
}
} catch (IOException e) {
CMS.debug("BasicConstraintsExt: validate " + e.toString());
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
}
@@ -182,8 +180,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
getConfig(CONFIG_MAX_PATH_LEN)
};
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
params);
}
@@ -198,8 +196,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
}
public void setConfig(String name, String value)
- throws EPropertyException {
-
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
@@ -208,8 +205,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
- if(name.equals(CONFIG_MAX_PATH_LEN))
- {
+ if (name.equals(CONFIG_MAX_PATH_LEN)) {
String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
@@ -217,13 +213,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
int maxLen = getInt(value);
- if(minLen >= maxLen) {
+ if (minLen >= maxLen) {
CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!");
throw new EPropertyException("bad value");
}
-
}
mConfig.getSubStore("params").putString(name, value);
}
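Review bot: The rejection in setConfig() throws `new EPropertyException("bad value")`, which tells an administrator neither which property failed nor why. A localized message in the style of the `CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)` call used by ExtensionConstraint.setConfig() would be clearer, or at minimum the text should name `CONFIG_MAX_PATH_LEN` and both lengths. The ordering check also runs only when `basicConstraintsMaxPathLen` is being set. Setting `basicConstraintsMinPathLen` afterwards appears to skip it, so a min above max may still be stored, though the method's start is outside this hunk and that should be confirmed.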
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index 9759af73..c0a9758d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import netscape.security.x509.X509CertImpl;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ca.ICertificateAuthority;
-
/**
* This class represents an abstract class for CA enrollment
* constraint.
@@ -42,7 +40,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
*/
public X509CertImpl getCACert() {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
return caCert;
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index 4d89e739..e118fa21 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserValidityDefault;
import com.netscape.cms.profile.def.ValidityDefault;
-
/**
* This class implements the validity constraint.
* It checks if the validity in the certificate
* template is within the CA's validity.
- *
+ *
* @version $Revision$, $Date$
*/
public class CAValidityConstraint extends CAEnrollConstraint {
@@ -56,7 +54,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
X509CertImpl caCert = getCACert();
@@ -69,7 +67,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("CAValidityConstraint: validate start");
CertificateValidity v = null;
@@ -99,15 +97,15 @@ public class CAValidityConstraint extends CAEnrollConstraint {
}
if (mDefNotBefore != null) {
- CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
- " defNotBefore=" + mDefNotBefore);
+ CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
+ " defNotBefore=" + mDefNotBefore);
if (notBefore.before(mDefNotBefore)) {
throw new ERejectException(CMS.getUserMessage(
getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
}
}
- CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
- " defNotAfter=" + mDefNotAfter);
+ CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
+ " defNotAfter=" + mDefNotAfter);
if (notAfter.after(mDefNotAfter)) {
throw new ERejectException(CMS.getUserMessage(
getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
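Review bot: `mDefNotAfter` is dereferenced in `notAfter.after(mDefNotAfter)` without the null guard that `mDefNotBefore` gets a few lines above. If init() could not obtain the CA certificate's validity (init's body is not visible in this hunk), validation would end in a NullPointerException instead of a clean rejection. A fail-closed guard such as `if (mDefNotAfter == null || notAfter.after(mDefNotAfter)) {` keeps the request rejected in that case. The debug prefix `ValidtyConstraint:` is also misspelled and does not match the class name, which makes these lines harder to find in logs; `CAValidityConstraint:` would match the "validate start" message. validate() begins outside this hunk.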
@@ -122,8 +120,8 @@ public class CAValidityConstraint extends CAEnrollConstraint {
mDefNotAfter.toString()
};
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
index a03eadcd..40c2153a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the generic enrollment constraint.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class EnrollConstraint implements IPolicyConstraint {
@@ -81,7 +79,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
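Review bot: The `if (mConfig.getSubStore("params") == null)` branch in setConfig() contains only an empty `//` comment, so a constraint setting is silently dropped when the params sub-store is missing. The caller gets no error and nothing is logged, which can leave a profile constraint unconfigured without anyone noticing. The subclasses at least log this case; here I would add `CMS.debug("EnrollConstraint: mConfig.getSubStore is null");`, or throw an `EPropertyException` if a missing store is never expected. The rest of setConfig() lies outside this hunk.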
@@ -105,46 +103,46 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
public IConfigStore getConfigStore() {
return mConfig;
- }
+ }
/**
* Validates the request. The request is not modified
* during the validation.
- *
+ *
* @param request enrollment request
* @param info certificate template
* @exception ERejectException request is rejected due
- * to violation of constraint
+ * to violation of constraint
*/
public abstract void validate(IRequest request, X509CertInfo info)
- throws ERejectException;
+ throws ERejectException;
/**
* Validates the request. The request is not modified
* during the validation.
- *
+ *
* The current implementation of this method calls
* into the subclass's validate(request, info)
* method for validation checking.
- *
+ *
* @param request request
* @exception ERejectException request is rejected due
- * to violation of constraint
+ * to violation of constraint
*/
public void validate(IRequest request)
- throws ERejectException {
+ throws ERejectException {
String name = getClass().getName();
name = name.substring(name.lastIndexOf('.') + 1);
CMS.debug(name + ": validate start");
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
validate(request, info);
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
index 539f4890..9c8e0478 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -40,19 +39,18 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the extended key usage extension constraint.
* It checks if the extended key usage extension in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
public static final String CONFIG_OIDS =
- "exKeyUsageOIDs";
+ "exKeyUsageOIDs";
public ExtendedKeyUsageExtConstraint() {
super();
@@ -61,20 +59,20 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OIDS)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
- }
+ }
return null;
}
@@ -83,16 +81,16 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ getExtension(ExtendedKeyUsageExtension.OID, info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- ExtendedKeyUsageExtension.OID));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ ExtendedKeyUsageExtension.OID));
}
// check criticality
@@ -104,10 +102,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
if (critical != ext.isCritical()) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
// Build local cache of configured OIDs
Vector mCache = new Vector();
@@ -122,15 +120,15 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
// check OIDs
Enumeration e = ext.getOIDs();
- while (e.hasMoreElements()) {
+ while (e.hasMoreElements()) {
ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
if (!mCache.contains(oid.toString())) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_OID_NOT_MATCHED",
- oid.toString()));
+ getLocale(request),
+ "CMS_PROFILE_OID_NOT_MATCHED",
+ oid.toString()));
}
}
}
@@ -141,7 +139,7 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
getConfig(CONFIG_OIDS)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
index cda51a07..1562fddb 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.Extension;
@@ -37,12 +36,11 @@ import com.netscape.cms.profile.def.EnrollExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the general extension constraint.
* It checks if the extension in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class ExtensionConstraint extends EnrollConstraint {
@@ -57,33 +55,32 @@ public class ExtensionConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("ExtensionConstraint: mConfig.getSubStore is null");
} else {
CMS.debug("ExtensionConstraint: setConfig name=" + name +
- " value=" + value);
-
- if(name.equals(CONFIG_OID))
- {
- try {
- CMS.checkOID("", value);
- } catch (Exception e) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
- }
+ " value=" + value);
+
+ if (name.equals(CONFIG_OID)) {
+ try {
+ CMS.checkOID("", value);
+ } catch (Exception e) {
+ throw new EPropertyException(
+ CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
+ }
}
mConfig.getSubStore("params").putString(name, value);
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
@@ -101,16 +98,16 @@ public class ExtensionConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
- Extension ext = getExtension(getConfig(CONFIG_OID), info);
+ Extension ext = getExtension(getConfig(CONFIG_OID), info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- getConfig(CONFIG_OID)));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ getConfig(CONFIG_OID)));
}
// check criticality
@@ -119,12 +116,12 @@ public class ExtensionConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
+ if (critical != ext.isCritical()) {
throw new ERejectException(
CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
}
public String getText(Locale locale) {
@@ -133,7 +130,7 @@ public class ExtensionConstraint extends EnrollConstraint {
getConfig(CONFIG_OID)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
index 56ec0adf..eb66783e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
import java.util.HashMap;
@@ -44,11 +43,10 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserKeyDefault;
-
/**
* This constraint is to check the key type and
* key length.
- *
+ *
* @version $Revision$, $Date$
*/
@SuppressWarnings("serial")
@@ -57,72 +55,299 @@ public class KeyConstraint extends EnrollConstraint {
public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA)
public static final String CONFIG_KEY_PARAMETERS = "keyParameters";
- private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2",
- "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283",
- "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571",
- "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1",
- "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1",
- "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3",
- "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2",
- "sect131r1","sect131r2"
+ private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2",
+ "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283",
+ "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571",
+ "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1",
+ "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1",
+ "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3",
+ "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2",
+ "sect131r1", "sect131r2"
};
- private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>();
- static
- {
- ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}});
- ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}});
- ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}});
- ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}});
- ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}});
- ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}});
- ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}});
- ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}});
- ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}});
- ecOIDs.put( "1.3.132.0.27", new Vector() {{add("sect233r1");add("nistb233");}});
- ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}});
- ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}});
- ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}});
- ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}});
- ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}});
- ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}});
- ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}});
- ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}});
- ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}});
- ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}});
- ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}});
- ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}});
- ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}});
- ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}});
- ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}});
- ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}});
- ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}});
- ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}});
- ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}});
- ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() {{add("c2tnb191v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}});
- ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}});
- ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}});
- ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}});
- ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}});
- ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}});
- ecOIDs.put( "1.3.132.0.5", new Vector() {{add("sect113r2");}});
- ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}});
- ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}});
+ private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>();
+ static {
+ ecOIDs.put("1.2.840.10045.3.1.7", new Vector() {
+ {
+ add("nistp256");
+ add("secp256r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.34", new Vector() {
+ {
+ add("nistp384");
+ add("secp384r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.35", new Vector() {
+ {
+ add("nistp521");
+ add("secp521r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.1", new Vector() {
+ {
+ add("sect163k1");
+ add("nistk163");
+ }
+ });
+ ecOIDs.put("1.3.132.0.2", new Vector() {
+ {
+ add("sect163r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.15", new Vector() {
+ {
+ add("sect163r2");
+ add("nistb163");
+ }
+ });
+ ecOIDs.put("1.3.132.0.24", new Vector() {
+ {
+ add("sect193r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.25", new Vector() {
+ {
+ add("sect193r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.26", new Vector() {
+ {
+ add("sect233k1");
+ add("nistk233");
+ }
+ });
+ ecOIDs.put("1.3.132.0.27", new Vector() {
+ {
+ add("sect233r1");
+ add("nistb233");
+ }
+ });
+ ecOIDs.put("1.3.132.0.3", new Vector() {
+ {
+ add("sect239k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.16", new Vector() {
+ {
+ add("sect283k1");
+ add("nistk283");
+ }
+ });
+ ecOIDs.put("1.3.132.0.17", new Vector() {
+ {
+ add("sect283r1");
+ add("nistb283");
+ }
+ });
+ ecOIDs.put("1.3.132.0.36", new Vector() {
+ {
+ add("sect409k1");
+ add("nistk409");
+ }
+ });
+ ecOIDs.put("1.3.132.0.37", new Vector() {
+ {
+ add("sect409r1");
+ add("nistb409");
+ }
+ });
+ ecOIDs.put("1.3.132.0.38", new Vector() {
+ {
+ add("sect571k1");
+ add("nistk571");
+ }
+ });
+ ecOIDs.put("1.3.132.0.39", new Vector() {
+ {
+ add("sect571r1");
+ add("nistb571");
+ }
+ });
+ ecOIDs.put("1.3.132.0.9", new Vector() {
+ {
+ add("secp160k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.8", new Vector() {
+ {
+ add("secp160r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.30", new Vector() {
+ {
+ add("secp160r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.31", new Vector() {
+ {
+ add("secp192k1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.1", new Vector() {
+ {
+ add("secp192r1");
+ add("nistp192");
+ add("prime192v1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.32", new Vector() {
+ {
+ add("secp224k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.33", new Vector() {
+ {
+ add("secp224r1");
+ add("nistp224");
+ }
+ });
+ ecOIDs.put("1.3.132.0.10", new Vector() {
+ {
+ add("secp256k1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.2", new Vector() {
+ {
+ add("prime192v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.3", new Vector() {
+ {
+ add("prime192v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.4", new Vector() {
+ {
+ add("prime239v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.5", new Vector() {
+ {
+ add("prime239v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.6", new Vector() {
+ {
+ add("prime239v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.1", new Vector() {
+ {
+ add("c2pnb163v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.2", new Vector() {
+ {
+ add("c2pnb163v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.3", new Vector() {
+ {
+ add("c2pnb163v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.4", new Vector() {
+ {
+ add("c2pnb176v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.5", new Vector() {
+ {
+ add("c2tnb191v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.6", new Vector() {
+ {
+ add("c2tnb191v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.7", new Vector() {
+ {
+ add("c2tnb191v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.10", new Vector() {
+ {
+ add("c2pnb208w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.11", new Vector() {
+ {
+ add("c2tnb239v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.12", new Vector() {
+ {
+ add("c2tnb239v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.13", new Vector() {
+ {
+ add("c2tnb239v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.16", new Vector() {
+ {
+ add("c2pnb272w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.17", new Vector() {
+ {
+ add("c2pnb304w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.19", new Vector() {
+ {
+ add("c2pnb368w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.20", new Vector() {
+ {
+ add("c2tnb431r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.6", new Vector() {
+ {
+ add("secp112r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.7", new Vector() {
+ {
+ add("secp112r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.28", new Vector() {
+ {
+ add("secp128r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.29", new Vector() {
+ {
+ add("secp128r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.4", new Vector() {
+ {
+ add("sect113r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.5", new Vector() {
+ {
+ add("sect113r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.22", new Vector() {
+ {
+ add("sect131r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.23", new Vector() {
+ {
+ add("sect131r2");
+ }
+ });
}
private static String[] cfgECCurves = null;
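Review bot: The `ecCurves` fallback allow-list still names curves of 112 to 131 bits (`secp112r1`, `secp112r2`, `sect113r1`, `sect113r2`, `secp128r1`, `secp128r2`, `sect131r1`, `sect131r2`) next to the 160-bit family. `setConfig` consults this array whenever `cfgECCurves` is null, so a deployment without a configured curve list can save a profile that admits keys well below current strength guidance. Consider trimming the array to the curves the CA is meant to issue for, or at least adding a comment above it such as `// fallback allow-list; includes legacy curves kept for compatibility, restrict via the configured curve list`. Separately, `c2tnb359w1` appears in `ecCurves` but in none of the `ecOIDs` entries, so as far as this hunk shows it can be configured but never matched during validation.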
@@ -136,7 +361,7 @@ public class KeyConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
String ecNames = "";
@@ -148,17 +373,17 @@ public class KeyConstraint extends EnrollConstraint {
CMS.debug("KeyConstraint.init ecNames: " + ecNames);
if (ecNames != null && ecNames.length() != 0) {
cfgECCurves = ecNames.split(",");
- }
+ }
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_KEY_TYPE)) {
return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC",
"RSA",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
- } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
- return new Descriptor(IDescriptor.STRING,null,"",
- CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS"));
+ } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
+ return new Descriptor(IDescriptor.STRING, null, "",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS"));
}
return null;
@@ -169,11 +394,11 @@ public class KeyConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
try {
CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
- X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
+ info.get(X509CertInfo.KEY);
+ X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().getName().toUpperCase();
String value = getConfig(CONFIG_KEY_TYPE);
@@ -183,27 +408,27 @@ public class KeyConstraint extends EnrollConstraint {
if (!alg.equals(value)) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
- value));
+ getLocale(request),
+ "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
+ value));
}
}
int keySize = 0;
String ecCurve = "";
- if (alg.equals("RSA")) {
+ if (alg.equals("RSA")) {
keySize = getRSAKeyLen(key);
- } else if (alg.equals("DSA")) {
+ } else if (alg.equals("DSA")) {
keySize = getDSAKeyLen(key);
- } else if (alg.equals("EC")) {
+ } else if (alg.equals("EC")) {
//EC key case.
} else {
- throw new ERejectException(
+ throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_INVALID_KEY_TYPE",
- alg));
+ getLocale(request),
+ "CMS_PROFILE_INVALID_KEY_TYPE",
+ alg));
}
value = getConfig(CONFIG_KEY_PARAMETERS);
@@ -214,9 +439,9 @@ public class KeyConstraint extends EnrollConstraint {
if (!alg.equals(keyType) && !isOptional(keyType)) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+ value));
}
AlgorithmId algid = key.getAlgorithmId();
@@ -226,14 +451,14 @@ public class KeyConstraint extends EnrollConstraint {
//Get raw string representation of alg parameters, will give
//us the curve OID.
- String params = null;
+ String params = null;
if (algid != null) {
params = algid.getParametersString();
}
if (params.startsWith("OID.")) {
params = params.substring(4);
- }
+ }
CMS.debug("EC key OID: " + params);
Vector vect = ecOIDs.get(params);
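Review bot: `params` is still `null` when `algid` is `null`, and the next statement calls `params.startsWith("OID.")` unconditionally, so the guard above it only moves the NullPointerException one line down. A null return from `getParametersString()` would have the same effect. Reject explicitly before the prefix check, e.g. `if (params == null) throw new ERejectException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value));`. The enclosing `try` starts outside this hunk and its `catch` is not visible, so it cannot be confirmed from here that an unexpected exception ends in a rejection rather than a passed constraint. `ecOIDs.get(params)` can likewise return `null` for an unlisted OID, and the next hunk calls `vect.contains(...)`; any null check lies in the lines between the two hunks.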
@@ -245,8 +470,8 @@ public class KeyConstraint extends EnrollConstraint {
if (!isOptional(keyType)) {
//Check the curve parameters only if explicit ECC or not optional
- for (int i = 0 ; i < keyParams.length ; i ++) {
- String ecParam = keyParams[i];
+ for (int i = 0; i < keyParams.length; i++) {
+ String ecParam = keyParams[i];
CMS.debug("keyParams[i]: " + i + " param: " + ecParam);
if (vect.contains(ecParam)) {
curveFound = true;
@@ -260,21 +485,21 @@ public class KeyConstraint extends EnrollConstraint {
}
if (!curveFound) {
- CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
+ CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+ value));
}
- } else {
- if ( !arrayContainsString(keyParams,Integer.toString(keySize))) {
- throw new ERejectException(
+ } else {
+ if (!arrayContainsString(keyParams, Integer.toString(keySize))) {
+ throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+ value));
}
CMS.debug("KeyConstraint.validate: RSA key contraints passed.");
}
@@ -320,7 +545,7 @@ public class KeyConstraint extends EnrollConstraint {
getConfig(CONFIG_KEY_PARAMETERS)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_KEY_TEXT", params);
}
@@ -333,27 +558,27 @@ public class KeyConstraint extends EnrollConstraint {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value);
//establish keyType, we don't know which order these params will arrive
if (name.equals(CONFIG_KEY_TYPE)) {
keyType = value;
- if(keyParams.equals(""))
- return;
+ if (keyParams.equals(""))
+ return;
}
-
+
//establish keyParams
if (name.equals(CONFIG_KEY_PARAMETERS)) {
CMS.debug("establish keyParams: " + value);
keyParams = value;
- if(keyType.equals(""))
+ if (keyType.equals(""))
return;
}
// All the params we need for validation have been collected,
// we don't know which order they will show up
- if (keyType.length() > 0 && keyParams.length() > 0) {
+ if (keyType.length() > 0 && keyParams.length() > 0) {
String[] params = keyParams.split(",");
boolean isECCurve = false;
int keySize = 0;
@@ -362,47 +587,47 @@ public class KeyConstraint extends EnrollConstraint {
if (keyType.equals("EC")) {
if (cfgECCurves == null) {
//Use the static array as a backup if the config values are not present.
- isECCurve = arrayContainsString(ecCurves,params[i]);
+ isECCurve = arrayContainsString(ecCurves, params[i]);
} else {
- isECCurve = arrayContainsString(cfgECCurves,params[i]);
+ isECCurve = arrayContainsString(cfgECCurves, params[i]);
}
if (isECCurve == false) { //Not a valid EC curve throw exception.
keyType = "";
keyParams = "";
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
- } else {
+ } else {
try {
keySize = Integer.parseInt(params[i]);
} catch (Exception e) {
keySize = 0;
}
- if (keySize <= 0) {
+ if (keySize <= 0) {
keyType = "";
keyParams = "";
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
}
}
- }
- //Actually set the configuration in the profile
- super.setConfig(CONFIG_KEY_TYPE, keyType);
- super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
+ }
+ //Actually set the configuration in the profile
+ super.setConfig(CONFIG_KEY_TYPE, keyType);
+ super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
- //Reset the vars for next round.
- keyType = "";
- keyParams = "";
+ //Reset the vars for next round.
+ keyType = "";
+ keyParams = "";
}
private boolean arrayContainsString(String[] array, String value) {
if (array == null || value == null) {
- return false;
- }
+ return false;
+ }
- for (int i = 0 ; i < array.length; i++) {
+ for (int i = 0; i < array.length; i++) {
if (array[i].equals(value)) {
return true;
}
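Review bot: The non-EC branch accepts any positive integer as a key size, because `catch (Exception e)` turns every parse failure into `keySize = 0` and the only bound is `keySize <= 0`. A profile can therefore be saved with a value such as `512`, and `validate` will then accept keys of that length. Narrow the handler to `catch (NumberFormatException e)` and reject sizes under a floor the project chooses, e.g. `if (keySize < MIN_KEY_SIZE)` (constant name proposed here, not present in the file). The two `super.setConfig(...)` calls also sit after the closing brace of the `keyType.length() > 0 && keyParams.length() > 0` block, so a call with any other `name` while both fields are empty would store empty strings for both settings; if that is intended, a comment saying so would help. `setConfig` begins in the previous hunk.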
@@ -411,4 +636,3 @@ public class KeyConstraint extends EnrollConstraint {
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43..927c64ec 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,24 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the key usage extension constraint.
* It checks if the key usage constraint in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
+ "keyUsageDigitalSignature";
public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
+ "keyUsageNonRepudiation";
public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
+ "keyUsageKeyEncipherment";
public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,12 +75,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
@@ -138,16 +136,16 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- KeyUsageExtension ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ throws ERejectException {
+ KeyUsageExtension ext = (KeyUsageExtension)
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.KeyUsage_Id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.KeyUsage_Id.toString()));
}
boolean[] bits = ext.getBits();
@@ -156,10 +154,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,99 +165,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_NON_REPUDIATION);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_DATA_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_AGREEMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_KEY_CERTSIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_CRL_SIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_ENCIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 7)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_DECIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 8)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
+ value));
+ }
}
}
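Review bot: The nine bit checks in this hunk are copies that differ only in the config name, the bit index and the message key, so a mismatched index or message would be easy to miss in review. A private helper taking those three values would reduce `validate` to one call per key-usage bit; a sketch follows. `validate` starts before this hunk (the first `if (!isOptional(value))` is outside it), and `isSet(bits, n)` is defined elsewhere, so whether it tolerates a `bits` array shorter than nine entries should be confirmed. `NSCertTypeExtConstraint.validate` further down repeats the same shape with `ext.isSet(n)`.

```java
// … unchanged: extension lookup and criticality check …
checkBit(request, bits, 0, CONFIG_DIGITAL_SIGNATURE,
        "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED");
checkBit(request, bits, 1, CONFIG_NON_REPUDIATION,
        "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED");
// … one call per remaining bit, indices 2 through 8, same config names and message keys as today …

// … new private helper, placed after validate …
private void checkBit(IRequest request, boolean[] bits, int index,
        String configName, String messageKey) throws ERejectException {
    String value = getConfig(configName);
    if (isOptional(value)) {
        return;
    }
    if (getBoolean(value) != isSet(bits, index)) {
        throw new ERejectException(
                CMS.getUserMessage(getLocale(request), messageKey, value));
    }
}
```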
@@ -277,7 +275,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
getConfig(CONFIG_DECIPHER_ONLY)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
index fe20b766..84336054 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.extensions.NSCertTypeExtension;
@@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
* This class implements the Netscape certificate type extension constraint.
* It checks if the Netscape certificate type extension in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class NSCertTypeExtConstraint extends EnrollConstraint {
@@ -68,11 +66,11 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
@@ -104,8 +102,8 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
} else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
return new Descriptor(IDescriptor.CHOICE, "true,false,-",
"-",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OBJECT_SIGNING_CA"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OBJECT_SIGNING_CA"));
}
return null;
}
@@ -115,16 +113,16 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
NSCertTypeExtension ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- NSCertTypeExtension.CertType_Id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ NSCertTypeExtension.CertType_Id.toString()));
}
String value = getConfig(CONFIG_CRITICAL);
@@ -132,10 +130,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_SSL_CLIENT);
@@ -143,10 +141,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_SSL_SERVER);
@@ -154,10 +152,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_EMAIL);
@@ -165,10 +163,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_EMAIL_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EMAIL_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_OBJECT_SIGNING);
@@ -176,10 +174,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_SSL_CA);
@@ -187,10 +185,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SSL_CA_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_EMAIL_CA);
@@ -198,10 +196,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_OBJECT_SIGNING_CA);
@@ -209,10 +207,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
+ value));
}
}
}
@@ -229,7 +227,7 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
getConfig(CONFIG_OBJECT_SIGNING_CA)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
index 108c32b1..0d81c583 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements no constraint.
- *
+ *
* @version $Revision$, $Date$
*/
public class NoConstraint implements IPolicyConstraint {
public static final String CONFIG_NAME = "name";
- private IConfigStore mConfig = null;
+ private IConfigStore mConfig = null;
private Vector mNames = new Vector();
public Enumeration getConfigNames() {
@@ -56,7 +54,7 @@ public class NoConstraint implements IPolicyConstraint {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
}
public String getConfig(String name) {
@@ -68,7 +66,7 @@ public class NoConstraint implements IPolicyConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -81,11 +79,11 @@ public class NoConstraint implements IPolicyConstraint {
* during the validation.
*/
public void validate(IRequest request)
- throws ERejectException {
+ throws ERejectException {
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT");
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
index 91d5a46a..6dce4e6e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.math.BigInteger;
import java.util.Date;
import java.util.Locale;
@@ -36,11 +35,10 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.def.NoDefault;
-
/**
* This class supports renewal grace period, which has two
* parameters: graceBefore and graceAfter
- *
+ *
* @author Christina Fu
* @version $Revision$, $Date$
*/
@@ -58,20 +56,20 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public void setConfig(String name, String value)
- throws EPropertyException {
- if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
- name.equals(CONFIG_RENEW_GRACE_AFTER)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ throws EPropertyException {
+ if (name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
+ name.equals(CONFIG_RENEW_GRACE_AFTER)) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER));
+ }
}
super.setConfig(name, value);
}
@@ -88,75 +86,74 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
}
public void validate(IRequest req, X509CertInfo info)
- throws ERejectException {
- String origExpDate_s = req.getExtDataInString("origNotAfter");
- // probably not for renewal
- if (origExpDate_s == null) {
- return;
- } else {
- CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
- }
- CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
- BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
- Date origExpDate = new Date(origExpDate_BI.longValue());
- String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
- String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
- int renew_grace_before = 0;
- int renew_grace_after = 0;
- BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
- BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s);
-
- // -1 means no limit
- if (renew_grace_before_s == "")
- renew_grace_before = -1;
- else
- renew_grace_before = Integer.parseInt(renew_grace_before_s);
-
- if (renew_grace_after_s == "")
- renew_grace_after = -1;
- else
- renew_grace_after = Integer.parseInt(renew_grace_after_s);
-
- if (renew_grace_before > 0)
- renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
- if (renew_grace_after > 0)
- renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
-
- Date current = CMS.getCurrentDate();
- long millisDiff = origExpDate.getTime() - current.getTime();
- CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
-
- /*
- * "days", if positive, has to be less than renew_grace_before
- * "days", if negative, means already past expiration date,
- * (abs value) has to be less than renew_grace_after
- * if renew_grace_before or renew_grace_after are negative
- * the one with negative value is ignored
- */
- if (millisDiff >= 0) {
- if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) {
- throw new ERejectException(CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
- renew_grace_before+" days before and "+
- renew_grace_after+" days after original cert expiration date"));
- }
- } else {
- if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) {
- throw new ERejectException(CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
- renew_grace_before+" days before and "+
- renew_grace_after+" days after original cert expiration date"));
- }
- }
+ throws ERejectException {
+ String origExpDate_s = req.getExtDataInString("origNotAfter");
+ // probably not for renewal
+ if (origExpDate_s == null) {
+ return;
+ } else {
+ CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
+ }
+ CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
+ BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
+ Date origExpDate = new Date(origExpDate_BI.longValue());
+ String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
+ String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+ int renew_grace_before = 0;
+ int renew_grace_after = 0;
+ BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
+ BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s);
+
+ // -1 means no limit
+ if (renew_grace_before_s == "")
+ renew_grace_before = -1;
+ else
+ renew_grace_before = Integer.parseInt(renew_grace_before_s);
+
+ if (renew_grace_after_s == "")
+ renew_grace_after = -1;
+ else
+ renew_grace_after = Integer.parseInt(renew_grace_after_s);
+
+ if (renew_grace_before > 0)
+ renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
+ if (renew_grace_after > 0)
+ renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
+
+ Date current = CMS.getCurrentDate();
+ long millisDiff = origExpDate.getTime() - current.getTime();
+ CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
+
+ /*
+ * "days", if positive, has to be less than renew_grace_before
+ * "days", if negative, means already past expiration date,
+ * (abs value) has to be less than renew_grace_after
+ * if renew_grace_before or renew_grace_after are negative
+ * the one with negative value is ignored
+ */
+ if (millisDiff >= 0) {
+ if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) {
+ throw new ERejectException(CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+ renew_grace_before + " days before and " +
+ renew_grace_after + " days after original cert expiration date"));
+ }
+ } else {
+ if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) {
+ throw new ERejectException(CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+ renew_grace_before + " days before and " +
+ renew_grace_after + " days after original cert expiration date"));
+ }
+ }
}
-
public String getText(Locale locale) {
String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
- String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER);
- return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
- renew_grace_before_s+" days before and "+
- renew_grace_after_s+" days after original cert expiration date");
+ String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
+ renew_grace_before_s + " days before and " +
+ renew_grace_after_s + " days after original cert expiration date");
}
public boolean isApplicable(IPolicyDefault def) {
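Review bot: In `validate`, `new BigInteger(renew_grace_before_s)` and `new BigInteger(renew_grace_after_s)` run before the empty-value checks, and those checks use `== ""`, which compares references rather than contents. An unset or empty grace value therefore throws an unchecked exception instead of taking the "-1 means no limit" path. I would parse the configured values only after a null/empty test, as sketched below. `new BigInteger(origExpDate_s)` likewise wants a try/catch that turns a malformed `origNotAfter` value from the request into an ERejectException rather than letting a NumberFormatException escape.

```java
// … unchanged: origNotAfter lookup and origExpDate computation …
String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
// -1 means no limit
int renew_grace_before = -1;
int renew_grace_after = -1;
BigInteger renew_grace_before_BI = BigInteger.ZERO;
BigInteger renew_grace_after_BI = BigInteger.ZERO;

if (renew_grace_before_s != null && !renew_grace_before_s.equals("")) {
    renew_grace_before = Integer.parseInt(renew_grace_before_s);
    renew_grace_before_BI = BigInteger.valueOf(renew_grace_before);
}
if (renew_grace_after_s != null && !renew_grace_after_s.equals("")) {
    renew_grace_after = Integer.parseInt(renew_grace_after_s);
    renew_grace_after_BI = BigInteger.valueOf(renew_grace_after);
}
// … unchanged: millisecond scaling and the two grace-period comparisons …
```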
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
index f570c26e..2c578550 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.SigningAlgDefault;
import com.netscape.cms.profile.def.UserSigningAlgDefault;
-
/**
* This class implements the signing algorithm constraint.
* It checks if the signing algorithm in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class SigningAlgConstraint extends EnrollConstraint {
@@ -69,29 +67,28 @@ public class SigningAlgConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null");
} else {
- CMS.debug("SigningAlgConstraint: setConfig name=" + name +
- " value=" + value);
-
- if(name.equals(CONFIG_ALGORITHMS_ALLOWED))
- {
- StringTokenizer st = new StringTokenizer(value, ",");
- while (st.hasMoreTokens()) {
- String v = st.nextToken();
- if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
- }
- }
+ CMS.debug("SigningAlgConstraint: setConfig name=" + name +
+ " value=" + value);
+
+ if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
+ StringTokenizer st = new StringTokenizer(value, ",");
+ while (st.hasMoreTokens()) {
+ String v = st.nextToken();
+ if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
+ throw new EPropertyException(
+ CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
+ }
+ }
}
mConfig.getSubStore("params").putString(name, value);
}
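Review bot: In `setConfig`, `DEF_CONFIG_ALGORITHMS.indexOf(v) == -1` is a substring test against the whole default string, so a fragment of an algorithm name passes validation and is stored by `putString`. If `DEF_CONFIG_ALGORITHMS` is the comma-separated list its use here suggests (its definition is outside this hunk), compare whole tokens instead, for example `if (!Arrays.asList(DEF_CONFIG_ALGORITHMS.split(",")).contains(v))`, which needs `java.util.Arrays` imported. The check in `validate` appears to match exact names, so a mistyped entry would simply never match and the profile would reject that algorithm without the administrator being told at configuration time. `setConfig` closes outside the hunk.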
@@ -101,8 +98,8 @@ public class SigningAlgConstraint extends EnrollConstraint {
if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
return new Descriptor(IDescriptor.STRING, null,
DEF_CONFIG_ALGORITHMS,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
}
return null;
}
@@ -112,13 +109,13 @@ public class SigningAlgConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateAlgorithmId algId = null;
try {
algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID);
AlgorithmId id = (AlgorithmId)
- algId.get(CertificateAlgorithmId.ALGORITHM);
+ algId.get(CertificateAlgorithmId.ALGORITHM);
Vector mCache = new Vector();
StringTokenizer st = new StringTokenizer(
@@ -132,7 +129,7 @@ public class SigningAlgConstraint extends EnrollConstraint {
if (!mCache.contains(id.toString())) {
throw new ERejectException(CMS.getUserMessage(
- getLocale(request),
+ getLocale(request),
"CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString()));
}
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
index 7ce32f00..477e99b9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Locale;
@@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.SubjectNameDefault;
import com.netscape.cms.profile.def.UserSubjectNameDefault;
-
/**
* This class implements the subject name constraint.
* It checks if the subject name in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectNameConstraint extends EnrollConstraint {
@@ -56,13 +54,13 @@ public class SubjectNameConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_PATTERN)) {
+ return new Descriptor(IDescriptor.STRING,
null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
} else {
@@ -79,18 +77,18 @@ public class SubjectNameConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("SubjectNameConstraint: validate start");
CertificateSubjectName sn = null;
try {
sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
- CMS.debug("SubjectNameConstraint: validate cert subject ="+
+ CMS.debug("SubjectNameConstraint: validate cert subject =" +
sn.toString());
} catch (Exception e) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name sn500 = null;
@@ -98,31 +96,31 @@ public class SubjectNameConstraint extends EnrollConstraint {
sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME);
} catch (IOException e) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
if (sn500 == null) {
CMS.debug("SubjectNameConstraint: validate() - sn500 is null");
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
} else {
- CMS.debug("SubjectNameConstraint: validate() - sn500 "+
- CertificateSubjectName.DN_NAME + " = "+
- sn500.toString());
+ CMS.debug("SubjectNameConstraint: validate() - sn500 " +
+ CertificateSubjectName.DN_NAME + " = " +
+ sn500.toString());
}
if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) {
- CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN));
+ CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN));
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
- sn500.toString()));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
+ sn500.toString()));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
getConfig(CONFIG_PATTERN));
}
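Review bot: `sn500.toString().matches(getConfig(CONFIG_PATTERN))` hands the configured value straight to the regex engine, so a missing or malformed pattern surfaces as an unchecked NullPointerException or PatternSyntaxException instead of an ERejectException. The null case assumes `getConfig` can return null, which is not visible here because it is defined outside this diff. Guarding the call keeps the failure a clean rejection: `String pattern = getConfig(CONFIG_PATTERN);` followed by `if (pattern == null || !sn500.toString().matches(pattern)) {`. Checking the expression with `Pattern.compile` when the value is configured would also catch a bad pattern once rather than on every request. `validate` begins outside this hunk.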
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index b47e2230..1526686e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -47,53 +46,52 @@ import com.netscape.cms.profile.def.NoDefault;
* The config param "allowSameKeyRenewal" enables the
* situation where if the publickey is not unique, and if
* the subject DN is the same, that is a "renewal".
- *
+ *
* Another "feature" that is quoted out of this code is the
* "revokeDupKeyCert" option, which enables the revocation
* of certs that bear the same publickey as the enrolling
- * request. Since this can potentially be abused, it is taken
+ * request. Since this can potentially be abused, it is taken
* out and preserved in comments to allow future refinement.
- *
+ *
* @version $Revision$, $Date$
*/
public class UniqueKeyConstraint extends EnrollConstraint {
- /*
- public static final String CONFIG_REVOKE_DUPKEY_CERT =
- "revokeDupKeyCert";
- boolean mRevokeDupKeyCert = false;
- */
- public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
- "allowSameKeyRenewal";
- boolean mAllowSameKeyRenewal = false;
+ /*
+ public static final String CONFIG_REVOKE_DUPKEY_CERT =
+ "revokeDupKeyCert";
+ boolean mRevokeDupKeyCert = false;
+ */
+ public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
+ "allowSameKeyRenewal";
+ boolean mAllowSameKeyRenewal = false;
public ICertificateAuthority mCA = null;
- public UniqueKeyConstraint() {
- super();
- /*
- addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
- */
- addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
- }
+ public UniqueKeyConstraint() {
+ super();
+ /*
+ addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
+ */
+ addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+ }
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
super.init(profile, config);
mCA = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name)
- {
- /*
- if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
- }
- */
- if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
- }
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ /*
+ if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
+ }
+ */
+ if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
+ }
return null;
}
@@ -106,169 +104,170 @@ public class UniqueKeyConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- boolean rejected = false;
- int size = 0;
- ICertRecordList list;
+ throws ERejectException {
+ boolean rejected = false;
+ int size = 0;
+ ICertRecordList list;
- /*
- mRevokeDupKeyCert =
- getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
- */
- mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+ /*
+ mRevokeDupKeyCert =
+ getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
+ */
+ mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
try {
CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ info.get(X509CertInfo.KEY);
X509Key key = (X509Key)
- infokey.get(CertificateX509Key.KEY);
+ infokey.get(CertificateX509Key.KEY);
- // check for key uniqueness
- byte pub[] = key.getEncoded();
- String pub_s = escapeBinaryData(pub);
- String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")";
- list =
- (ICertRecordList)
- mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
- size = list.getSize();
+ // check for key uniqueness
+ byte pub[] = key.getEncoded();
+ String pub_s = escapeBinaryData(pub);
+ String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")";
+ list =
+ (ICertRecordList)
+ mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+ size = list.getSize();
} catch (Exception e) {
- throw new ERejectException(
+ throw new ERejectException(
CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_INTERNAL_ERROR",e.toString()));
- }
-
- /*
- * It does not matter if the corresponding cert's status
- * is valid or not, we don't want a key that was once
- * generated before
- */
- if (size > 0) {
- CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
- /*
- The following code revokes the existing certs that have
- the same public key as the one submitted for enrollment
- request. However, it is not a good idea due to possible
- abuse. It is therefore commented out. It is still
- however still maintained for possible utilization at later
- time
-
- // if configured to revoke duplicated key
- // revoke cert
- if (mRevokeDupKeyCert) {
- try {
- Enumeration e = list.getCertRecords(0, size-1);
- while (e != null && e.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) e.nextElement();
- X509CertImpl cert = rec.getCertificate();
-
- // revoke the cert
- BigInteger serialNum = cert.getSerialNumber();
- ICAService service = (ICAService) mCA.getCAService();
-
- RevokedCertImpl crlEntry =
- formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
- service.revokeCert(crlEntry);
- CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
- }
- } catch (Exception ex) {
- CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
- }
- } // revoke dupkey cert turned on
- */
-
- if (mAllowSameKeyRenewal == true) {
- X500Name sjname_in_db = null;
- X500Name sjname_in_req = null;
-
- try {
- // get subject of request
- CertificateSubjectName subName =
- (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-
- if (subName != null) {
-
- sjname_in_req =
- (X500Name) subName.get(CertificateSubjectName.DN_NAME);
- CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString());
- Enumeration e = list.getCertRecords(0, size-1);
- while (e != null && e.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) e.nextElement();
- X509CertImpl cert = rec.getCertificate();
- String certDN =
- cert.getSubjectDN().toString();
- CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN);
-
- sjname_in_db = new X500Name(certDN);
-
- if (sjname_in_db.equals(sjname_in_req) == false) {
- rejected = true;
- break;
- } else {
- rejected = false;
- }
- } // while
- } else { //subName is null
- rejected = true;
- }
- } catch (Exception ex1) {
- CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString());
- rejected = true;
- } // try
-
- } else {
- rejected = true;
- }// allowSameKeyRenewal
- } // (size > 0)
-
- if (rejected == true) {
- CMS.debug("UniqueKeyConstraint: rejected");
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_DUPLICATE_KEY"));
- } else {
- CMS.debug("UniqueKeyConstraint: approved");
- }
+ getLocale(request),
+ "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
+ }
+
+ /*
+ * It does not matter if the corresponding cert's status
+ * is valid or not, we don't want a key that was once
+ * generated before
+ */
+ if (size > 0) {
+ CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
+
+ /*
+ The following code revokes the existing certs that have
+ the same public key as the one submitted for enrollment
+ request. However, it is not a good idea due to possible
+ abuse. It is therefore commented out. It is still
+ however still maintained for possible utilization at later
+ time
+
+ // if configured to revoke duplicated key
+ // revoke cert
+ if (mRevokeDupKeyCert) {
+ try {
+ Enumeration e = list.getCertRecords(0, size-1);
+ while (e != null && e.hasMoreElements()) {
+ ICertRecord rec = (ICertRecord) e.nextElement();
+ X509CertImpl cert = rec.getCertificate();
+
+ // revoke the cert
+ BigInteger serialNum = cert.getSerialNumber();
+ ICAService service = (ICAService) mCA.getCAService();
+
+ RevokedCertImpl crlEntry =
+ formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
+ service.revokeCert(crlEntry);
+ CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
+ }
+ } catch (Exception ex) {
+ CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
+ }
+ } // revoke dupkey cert turned on
+ */
+
+ if (mAllowSameKeyRenewal == true) {
+ X500Name sjname_in_db = null;
+ X500Name sjname_in_req = null;
+
+ try {
+ // get subject of request
+ CertificateSubjectName subName =
+ (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+
+ if (subName != null) {
+
+ sjname_in_req =
+ (X500Name) subName.get(CertificateSubjectName.DN_NAME);
+ CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString());
+ Enumeration e = list.getCertRecords(0, size - 1);
+ while (e != null && e.hasMoreElements()) {
+ ICertRecord rec = (ICertRecord) e.nextElement();
+ X509CertImpl cert = rec.getCertificate();
+ String certDN =
+ cert.getSubjectDN().toString();
+ CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN);
+
+ sjname_in_db = new X500Name(certDN);
+
+ if (sjname_in_db.equals(sjname_in_req) == false) {
+ rejected = true;
+ break;
+ } else {
+ rejected = false;
+ }
+ } // while
+ } else { //subName is null
+ rejected = true;
+ }
+ } catch (Exception ex1) {
+ CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString());
+ rejected = true;
+ } // try
+
+ } else {
+ rejected = true;
+ }// allowSameKeyRenewal
+ } // (size > 0)
+
+ if (rejected == true) {
+ CMS.debug("UniqueKeyConstraint: rejected");
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DUPLICATE_KEY"));
+ } else {
+ CMS.debug("UniqueKeyConstraint: approved");
+ }
}
- /**
+ /**
* make a CRL entry from a serial number and revocation reason.
+ *
* @return a RevokedCertImpl that can be entered in a CRL.
-
- protected RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
- CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
- CRLExtensions crlentryexts = new CRLExtensions();
-
- try {
- crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
- } catch (IOException e) {
- CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-
- // throw new ECMSGWException(
- // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-
- }
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
- crlentryexts);
-
- return crlentry;
- }
- */
+ *
+ * protected RevokedCertImpl formCRLEntry(
+ * BigInteger serialNo, RevocationReason reason)
+ * throws EBaseException {
+ * CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
+ * CRLExtensions crlentryexts = new CRLExtensions();
+ *
+ * try {
+ * crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
+ * } catch (IOException e) {
+ * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
+ *
+ * // throw new ECMSGWException(
+ * // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
+ *
+ * }
+ * RevokedCertImpl crlentry =
+ * new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
+ * crlentryexts);
+ *
+ * return crlentry;
+ * }
+ */
public String getText(Locale locale) {
String params[] = {
-/*
- getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-*/
- };
+ /*
+ getConfig(CONFIG_REVOKE_DUPKEY_CERT),
+ */
+ };
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
}
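Review bot: In the `mAllowSameKeyRenewal` branch of `validate`, `rejected` is still `false` when the loop `while (e != null && e.hasMoreElements())` never runs, so a request whose key already exists (`size > 0`) is approved if `getCertRecords` returns null or an empty enumeration. Setting `rejected = true;` just before `Enumeration e = list.getCertRecords(0, size - 1);` makes that path fail closed, since the loop clears the flag only after a matching subject DN has actually been compared. Separately, the first `catch` puts `e.toString()` into the `CMS_PROFILE_INTERNAL_ERROR` user message carried by the rejection. Logging it with `CMS.debug` and passing a fixed string would keep repository error details out of what the requester sees.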
@@ -285,12 +284,12 @@ public class UniqueKeyConstraint extends EnrollConstraint {
}
public boolean isApplicable(IPolicyDefault def) {
- if (def instanceof NoDefault)
- return true;
+ if (def instanceof NoDefault)
+ return true;
if (def instanceof UniqueKeyConstraint)
return true;
- return false;
+ return false;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
index 72498d39..04429cc7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
@@ -55,13 +55,13 @@ import com.netscape.cms.profile.def.UserSubjectNameDefault;
* It checks if the subject name in the certificate is
* unique in the internal database, ie, no two certificates
* have the same subject name.
- *
+ *
* @version $Revision$, $Date$
*/
public class UniqueSubjectNameConstraint extends EnrollConstraint {
public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
- "enableKeyUsageExtensionChecking";
+ "enableKeyUsageExtensionChecking";
private boolean mKeyUsageExtensionChecking = true;
public UniqueSubjectNameConstraint() {
@@ -69,14 +69,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
}
return null;
}
@@ -85,12 +85,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
return null;
}
- /**
- * Checks if the key extension in the issued certificate
- * is the same as the one in the certificate template.
- */
+ /**
+ * Checks if the key extension in the issued certificate
+ * is the same as the one in the certificate template.
+ */
private boolean sameKeyUsageExtension(ICertRecord rec,
- X509CertInfo certInfo) {
+ X509CertInfo certInfo) {
X509CertImpl impl = rec.getCertificate();
boolean bits[] = impl.getKeyUsage();
@@ -98,7 +98,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
try {
extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
} catch (java.security.cert.CertificateException e) {
}
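Review bot: Both `catch` blocks around `certInfo.get(X509CertInfo.EXTENSIONS)` are empty, so a failure to read the template's extensions is indistinguishable from a template that has none. The key-usage comparison that follows presumably decides on that basis. At minimum record the failure in each block, e.g. `CMS.debug("UniqueSubjectNameConstraint: cannot read extensions: " + e.toString());`, so that an unexpected outcome of the uniqueness check can be traced. `sameKeyUsageExtension` starts and ends outside this hunk, so how a null `extensions` is handled is not visible here.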
@@ -110,9 +110,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
} else {
try {
ext = (KeyUsageExtension) extensions.get(
- KeyUsageExtension.class.getSimpleName());
+ KeyUsageExtension.class.getSimpleName());
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (ext == null) {
@@ -135,48 +135,47 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
return false;
}
}
- }
+ }
}
- return true;
+ return true;
}
-
/**
* Validates the request. The request is not modified
* during the validation.
- *
- * Rules are as follows:
+ *
+ * Rules are as follows:
* If the subject name is not unique, then the request will be rejected unless:
* 1. the certificate is expired or expired_revoked
* 2. the certificate is revoked and the revocation reason is not "on hold"
* 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("UniqueSubjectNameConstraint: validate start");
CertificateSubjectName sn = null;
- IAuthority authority = (IAuthority)CMS.getSubsystem("ca");
-
+ IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
+
mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
ICertificateRepository certdb = null;
if (authority != null && authority instanceof ICertificateAuthority) {
- ICertificateAuthority ca = (ICertificateAuthority)authority;
+ ICertificateAuthority ca = (ICertificateAuthority) authority;
certdb = ca.getCertificateRepository();
}
-
+
try {
sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
} catch (Exception e) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
String certsubjectname = null;
if (sn == null)
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
else {
certsubjectname = sn.toString();
String filter = "x509Cert.subject=" + certsubjectname;
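Review bot: The lookup filter is built by plain concatenation, `"x509Cert.subject=" + certsubjectname`, and nothing visible in this hunk escapes the value taken from the certificate template. If findCertRecords interprets the string as an LDAP-style search filter (its implementation is not shown here), filter metacharacters such as `*`, `(`, `)` and `\` inside a subject DN would change which records match, so the uniqueness decision could be made on the wrong set of certificates. I would escape the filter metacharacters in `certsubjectname` before concatenating and add a short comment on that line stating that the value originates from the request. validate() continues past the end of this hunk.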
@@ -184,10 +183,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
try {
sameSubjRecords = certdb.findCertRecords(filter);
} catch (EBaseException e) {
- CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString());
+ CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString());
}
while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
- ICertRecord rec = sameSubjRecords.nextElement();
+ ICertRecord rec = sameSubjRecords.nextElement();
String status = rec.getStatus();
IRevocationInfo revocationInfo = rec.getRevocationInfo();
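Review bot: A failed repository lookup is only logged in the `catch (EBaseException e)` branch, and the following loop is skipped when `sameSubjRecords` is null, so, assuming it is initialised to null above the hunk, the request passes the uniqueness constraint without the check having run. For a constraint whose purpose is to reject duplicate subject names, the safer behaviour is to reject on lookup failure by throwing an `ERejectException` from the catch block (the message key is for the maintainers to choose). `certdb` is also dereferenced here although the earlier hunk assigns it only when the "ca" subsystem is an `ICertificateAuthority`; an explicit null check with a rejection would avoid a NullPointerException. The body of validate() starts and ends outside this hunk.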
@@ -200,7 +199,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
Enumeration<Extension> enumx = crlExts.getElements();
while (enumx.hasMoreElements()) {
- Extension ext = enumx.nextElement();
+ Extension ext = enumx.nextElement();
if (ext instanceof CRLReasonExtension) {
reason = ((CRLReasonExtension) ext).getReason();
@@ -213,8 +212,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
continue;
}
- if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
- (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
+ if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
+ (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
continue;
}
@@ -223,20 +222,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
}
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
- certsubjectname));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
+ certsubjectname));
}
}
- CMS.debug("UniqueSubjectNameConstraint: validate end");
+ CMS.debug("UniqueSubjectNameConstraint: validate end");
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
+ getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
};
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
index 95c32221..53fe471a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserValidityDefault;
import com.netscape.cms.profile.def.ValidityDefault;
-
/**
* This class implements the validity constraint.
* It checks if the validity in the certificate
* template satisfies the criteria.
- *
+ *
* @version $Revision$, $Date$
*/
public class ValidityConstraint extends EnrollConstraint {
@@ -68,20 +66,20 @@ public class ValidityConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_RANGE) ||
- name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", name));
- }
+ }
}
super.setConfig(name, value);
}
@@ -108,7 +106,7 @@ public class ValidityConstraint extends EnrollConstraint {
* during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateValidity v = null;
try {
@@ -144,14 +142,14 @@ public class ValidityConstraint extends EnrollConstraint {
long millisDiff = notAfter.getTime() - notBefore.getTime();
CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
- long long_days = (millisDiff / 1000 ) / 86400;
- CMS.debug("ValidityConstraint: long_days: "+long_days);
- int days = (int)long_days;
- CMS.debug("ValidityConstraint: days: "+days);
+ long long_days = (millisDiff / 1000) / 86400;
+ CMS.debug("ValidityConstraint: long_days: " + long_days);
+ int days = (int) long_days;
+ CMS.debug("ValidityConstraint: days: " + days);
if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
+ "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
Integer.toString(days)));
}
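Review bot: The range check compares a truncated and narrowed value: `long_days` comes from integer division, so a validity just under one day longer than the configured range is still accepted, and `(int) long_days` would wrap for a sufficiently large difference. Comparing in long removes the narrowing, `if (long_days > Integer.parseInt(getConfig(CONFIG_RANGE))) {`, and comparing `millisDiff` against the range converted to milliseconds would remove the truncation as well. A negative `millisDiff` (notAfter earlier than notBefore) also passes this comparison; whether that case is rejected earlier in validate() cannot be seen from this hunk.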
@@ -167,7 +165,7 @@ public class ValidityConstraint extends EnrollConstraint {
if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) {
notBeforeCheckStr = "false";
}
- notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
+ notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER);
boolean notAfterCheck;
@@ -175,7 +173,7 @@ public class ValidityConstraint extends EnrollConstraint {
if (notAfterCheckStr == null || notAfterCheckStr.equals("")) {
notAfterCheckStr = "false";
}
- notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
+ notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD);
if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) {
@@ -186,7 +184,7 @@ public class ValidityConstraint extends EnrollConstraint {
Date current = CMS.getCurrentDate();
if (notBeforeCheck) {
if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) {
- CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+
+ CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " +
"gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")");
throw new ERejectException(CMS.getUserMessage(getLocale(request),
"CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
index 6f73cd52..1726ec6b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
+ * This class implements an enrollment default policy
* that populates Authuority Info Access extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthInfoAccessExtDefault extends EnrollExtDefault {
@@ -89,30 +87,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
return num;
}
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_ADS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_AD || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_AD || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
-
- } catch (Exception e) {
+ }
+
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
- }
+ }
+ }
super.setConfig(name, value);
}
@@ -142,42 +140,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_AD_METHOD)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
} else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
+ return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
"URIName",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
} else if (name.startsWith(CONFIG_AD_LOCATION)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
} else if (name.startsWith(CONFIG_AD_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_ADS)) {
return new Descriptor(IDescriptor.INTEGER, null,
"1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
- }
+ }
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
@@ -186,45 +184,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
AuthInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
-
AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
ObjectIdentifier oid = a.getExtensionId();
ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
ext = (AuthInfoAccessExtension)
getExtension(oid.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
ext = (AuthInfoAccessExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
@@ -263,17 +258,17 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
if (interface1 == null)
throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", locationType));
+ locale, "CMS_INVALID_PROPERTY", locationType));
gn = new GeneralName(interface1);
}
-
+
if (method != null) {
try {
- ext.addAccessDescription(new ObjectIdentifier(method), gn);
+ ext.addAccessDescription(new ObjectIdentifier(method), gn);
} catch (NumberFormatException ee) {
- CMS.debug("AuthInfoAccessExtDefault: "+ee.toString());
+ CMS.debug("AuthInfoAccessExtDefault: " + ee.toString());
throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_DEF_AIA_OID", method));
+ locale, "CMS_PROFILE_DEF_AIA_OID", method));
}
}
}
@@ -296,30 +291,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
AuthInfoAccessExtension ext = null;
- if (name == null) {
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
+ ObjectIdentifier oid = a.getExtensionId();
ext = (AuthInfoAccessExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -336,7 +330,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
ext = (AuthInfoAccessExtension)
getExtension(oid.toString(), info);
@@ -345,11 +339,11 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
return "";
int num = getNumAds();
-
+
CMS.debug("AuthInfoAccess num=" + num);
Vector recs = new Vector();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
NameValuePairs np = new NameValuePairs();
AccessDescription des = null;
@@ -363,7 +357,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
np.add(AD_ENABLE, "false");
} else {
ObjectIdentifier methodOid = des.getMethod();
- GeneralName gn = des.getLocation();
+ GeneralName gn = des.getLocation();
np.add(AD_METHOD, methodOid.toString());
np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -402,7 +396,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
ads.append(getConfig(CONFIG_AD_ENABLE + i));
ads.append("}");
}
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
getConfig(CONFIG_CRITICAL), ads.toString());
}
@@ -410,14 +404,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
AuthInfoAccessExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public AuthInfoAccessExtension createExtension() {
- AuthInfoAccessExtension ext = null;
+ AuthInfoAccessExtension ext = null;
int num = getNumAds();
try {
@@ -440,21 +434,21 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null)
// location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
- location = "http://"+hostname+":"+port+"/ca/ocsp";
+ location = "http://" + hostname + ":" + port + "/ca/ocsp";
}
}
String s = locationType + ":" + location;
GeneralNameInterface gn = parseGeneralName(s);
if (gn != null) {
- ext.addAccessDescription(new ObjectIdentifier(method),
- new GeneralName(gn));
+ ext.addAccessDescription(new ObjectIdentifier(method),
+ new GeneralName(gn));
}
}
}
} catch (Exception e) {
- CMS.debug("AuthInfoAccessExtDefault: createExtension " +
- e.toString());
+ CMS.debug("AuthInfoAccessExtDefault: createExtension " +
+ e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
index a308e2eb..6c0f6e9f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,7 +34,6 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy that
* populates subject name based on the attribute values
@@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -67,8 +65,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
CMS.debug("AuthTokenSubjectNameDefault: begins");
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(locale,
@@ -81,18 +79,18 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
x500name = new X500Name(value);
CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString());
} catch (IOException e) {
- CMS.debug("AuthTokenSubjectNameDefault: setValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+ e.toString());
// failed to build x500 name
}
CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("AuthTokenSubjectNameDefault: setValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+ e.toString());
}
} else {
throw new EPropertyException(CMS.getUserMessage(locale,
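Review bot: When `new X500Name(value)` throws, the catch block only logs, and the next statement calls `x500name.toString()`; if `x500name` is still null at that point (its declaration is above the hunk), the caller gets a NullPointerException instead of a property error. The second catch has the same shape: a failure of `info.set(X509CertInfo.SUBJECT, ...)` is logged and setValue returns normally, so the caller cannot tell that the subject name was not applied to the certificate template. Both branches should report the failure, for example with `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, the form getValue uses further down in this file. setValue starts and ends outside this hunk.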
@@ -101,8 +99,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException("Invalid name " + name);
if (name.equals(VAL_NAME)) {
@@ -114,8 +112,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
return sn.toString();
} catch (Exception e) {
// nothing
- CMS.debug("AuthTokenSubjectNameDefault: getValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: getValue " +
+ e.toString());
}
throw new EPropertyException(CMS.getUserMessage(locale,
"CMS_INVALID_PROPERTY", name));
@@ -126,7 +124,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME");
}
@@ -134,7 +132,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// authenticate the subject name and populate it
// to the certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index 869deed2..6ec75990 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates Authority Key Identifier extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
@@ -56,29 +54,29 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.STRING,
+ return new Descriptor(IDescriptor.STRING,
IDescriptor.READONLY, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_CRITICAL"));
+ "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_KEY_ID)) {
- return new Descriptor(IDescriptor.STRING,
+ return new Descriptor(IDescriptor.STRING,
IDescriptor.READONLY, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_KEY_ID"));
+ "CMS_PROFILE_KEY_ID"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
@@ -86,40 +84,38 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
} else if (name.equals(VAL_KEY_ID)) {
// do nothing for read only value
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
-
AuthorityKeyIdentifierExtension ext =
(AuthorityKeyIdentifierExtension) getExtension(
- PKIXExtensions.AuthorityKey_Id.toString(), info);
+ PKIXExtensions.AuthorityKey_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (AuthorityKeyIdentifierExtension) getExtension(
- PKIXExtensions.AuthorityKey_Id.toString(), info);
+ ext =
+ (AuthorityKeyIdentifierExtension) getExtension(
+ PKIXExtensions.AuthorityKey_Id.toString(), info);
if (ext == null) {
return null;
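Review bot: The debug line in the `catch (EProfileException e)` branch of getValue logs under the prefix `BasicConstraintsExtDefault`, although this file is AuthorityKeyIdentifierExtDefault, so a failure here is attributed to the wrong class when the debug log is read during troubleshooting. It should read `CMS.debug("AuthorityKeyIdentifierExtDefault: getValue " + e.toString());`. getValue ends outside this hunk.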
@@ -131,8 +127,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
}
} else if (name.equals(VAL_KEY_ID)) {
ext =
- (AuthorityKeyIdentifierExtension) getExtension(
- PKIXExtensions.AuthorityKey_Id.toString(), info);
+ (AuthorityKeyIdentifierExtension) getExtension(
+ PKIXExtensions.AuthorityKey_Id.toString(), info);
if (ext == null) {
// do something here
@@ -147,11 +143,11 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
//
CMS.debug(e.toString());
}
- if (kid == null)
+ if (kid == null)
return "";
return toHexString(kid.getIdentifier());
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -164,7 +160,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
AuthorityKeyIdentifierExtension ext = createExtension(info);
addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
@@ -174,9 +170,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
KeyIdentifier kid = null;
String localKey = getConfig("localKey");
if (localKey != null && localKey.equals("true")) {
- kid = getKeyIdentifier(info);
+ kid = getKeyIdentifier(info);
} else {
- kid = getCAKeyIdentifier();
+ kid = getCAKeyIdentifier();
}
if (kid == null)
@@ -186,8 +182,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
try {
ext = new AuthorityKeyIdentifierExtension(false, kid, null, null);
} catch (IOException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
+ e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
index 7ab05d75..043cf029 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that automatically assign request to agent.
- *
+ *
* @version $Revision$, $Date$
*/
public class AutoAssignDefault extends EnrollDefault {
@@ -48,15 +46,15 @@ public class AutoAssignDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_ASSIGN_TO)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_ASSIGN_TO)) {
+ return new Descriptor(IDescriptor.STRING,
null, "admin", CMS.getUserMessage(locale,
- "CMS_PROFILE_AUTO_ASSIGN"));
+ "CMS_PROFILE_AUTO_ASSIGN"));
} else {
return null;
}
@@ -67,29 +65,29 @@ public class AutoAssignDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
return null;
}
public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN",
- getConfig(CONFIG_ASSIGN_TO));
+ getConfig(CONFIG_ASSIGN_TO));
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
try {
- request.setRequestOwner(
- mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
+ request.setRequestOwner(
+ mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("AutoAssignDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
index 8c5d8094..c442bf57 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates Basic Constraint extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class BasicConstraintsExtDefault extends EnrollExtDefault {
@@ -64,21 +62,21 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_IS_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"true",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(CONFIG_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
"-1",
CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
}
@@ -87,15 +85,15 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_IS_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"true",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(VAL_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
"-1",
CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
} else {
@@ -104,39 +102,37 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
BasicConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null)
- {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
-
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
ext.setCritical(val);
} else if (name.equals(VAL_IS_CA)) {
ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
Boolean isCA = Boolean.valueOf(value);
@@ -146,7 +142,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
Integer pathLen = Integer.valueOf(value);
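Review bot: `Integer.valueOf(value)` on the last line of this hunk parses a caller-supplied string, and the only handler visible for the enclosing try (in the next hunk) is `catch (IOException e)`, so a non-numeric path length would leave setValue as an unchecked NumberFormatException instead of the declared EPropertyException. Because this value becomes the pathLen of the Basic Constraints extension, bad input should be rejected explicitly: add a `catch (NumberFormatException e)` beside the IOException handler that throws `new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name))`. setValue starts and ends outside this hunk, so a handler in the lines not shown may already cover this.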
@@ -156,8 +152,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
throw new EPropertyException("Invalid name " + name);
}
replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(),
- ext, info);
- } catch (IOException e) {
+ ext, info);
+ } catch (IOException e) {
CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -169,35 +165,34 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
BasicConstraintsExtension ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one ");
-
- try {
- populate(null,info);
+
+ try {
+ populate(null, info);
} catch (EProfileException e) {
CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension)
+ getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
@@ -208,8 +203,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_IS_CA)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension)
+ getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
@@ -218,41 +213,38 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
return isCA.toString();
} else if (name.equals(VAL_PATH_LEN)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension)
+ getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
}
Integer pathLen = (Integer)
- ext.get(BasicConstraintsExtension.PATH_LEN);
-
+ ext.get(BasicConstraintsExtension.PATH_LEN);
String pLen = null;
pLen = pathLen.toString();
- if(pLen.equals("-2"))
- {
- //This is done for bug 621700. Profile constraints actually checks for -1
- //The low level security class for some reason sets this to -2
- //This will allow the request to be approved successfuly by the agent.
+ if (pLen.equals("-2")) {
+ //This is done for bug 621700. Profile constraints actually checks for -1
+ //The low level security class for some reason sets this to -2
+ //This will allow the request to be approved successfuly by the agent.
- pLen = "-1";
+ pLen = "-1";
}
-
+
CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen);
-
+
return pLen;
-
- } else {
- throw new EPropertyException(CMS.getUserMessage(
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -271,11 +263,11 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
BasicConstraintsExtension ext = createExtension();
addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext,
- info);
+ info);
}
public BasicConstraintsExtension createExtension() {
@@ -287,8 +279,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
int pathLen = -2;
-
- if(!pathLenStr.equals("") ) {
+ if (!pathLenStr.equals("")) {
pathLen = Integer.valueOf(pathLenStr).intValue();
}
@@ -296,8 +287,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
try {
ext = new BasicConstraintsExtension(isCA, critical, pathLen);
} catch (Exception e) {
- CMS.debug("BasicConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("BasicConstraintsExtDefault: createExtension " +
+ e.toString());
return null;
}
ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 4b883f7f..872e3296 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,11 @@ import netscape.security.x509.X509Key;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ca.ICertificateAuthority;
-
/**
- * This class implements an abstract CA specific
+ * This class implements an abstract CA specific
* Enrollment default. This policy can only be
* used with CA subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class CAEnrollDefault extends EnrollDefault {
@@ -48,8 +46,8 @@ public abstract class CAEnrollDefault extends EnrollDefault {
public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
try {
- CertificateX509Key ckey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ CertificateX509Key ckey = (CertificateX509Key)
+ info.get(X509CertInfo.KEY);
X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
@@ -59,35 +57,35 @@ public abstract class CAEnrollDefault extends EnrollDefault {
return new KeyIdentifier(hash);
} catch (IOException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ e.toString());
} catch (CertificateException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ e.toString());
} catch (NoSuchAlgorithmException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ e.toString());
}
return null;
}
public KeyIdentifier getCAKeyIdentifier() {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
if (caCert == null) {
- // during configuration, we dont have the CA certificate
- return null;
+ // during configuration, we dont have the CA certificate
+ return null;
}
X509Key key = (X509Key) caCert.getPublicKey();
SubjectKeyIdentifierExtension subjKeyIdExt =
- (SubjectKeyIdentifierExtension)
- caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
+ (SubjectKeyIdentifierExtension)
+ caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
if (subjKeyIdExt != null) {
try {
- KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
- SubjectKeyIdentifierExtension.KEY_ID);
- return keyId;
+ KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
+ SubjectKeyIdentifierExtension.KEY_ID);
+ return keyId;
} catch (IOException e) {
}
}
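Review bot: The `catch (IOException e) {` block in getCAKeyIdentifier is empty, so a failure to read the CA certificate's subject key identifier is dropped without a trace and the method falls through to the code after it. Every other handler in this file logs, so I would add `CMS.debug("CAEnrollDefault: getCAKeyIdentifier " + e.toString());` here; presumably this identifier feeds the authority key identifier of issued certificates, and a silent fallback makes a mismatch hard to diagnose. The existing messages are also prefixed `AuthorityKeyIdentifierExtDefault: getKeyId` although they are emitted from CAEnrollDefault, which makes the log misleading. getCAKeyIdentifier continues past the end of this hunk.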
@@ -101,7 +99,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
return new KeyIdentifier(hash);
} catch (NoSuchAlgorithmException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ e.toString());
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 8bf4c75f..e3b834ce 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements a CA signing cert enrollment default policy
* that populates a server-side configurable validity
@@ -49,11 +47,11 @@ import com.netscape.certsrv.request.IRequest;
public class CAValidityDefault extends EnrollDefault {
public static final String CONFIG_RANGE = "range";
public static final String CONFIG_START_TIME = "startTime";
- public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String VAL_NOT_BEFORE = "notBefore";
public static final String VAL_NOT_AFTER = "notAfter";
- public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
@@ -72,28 +70,28 @@ public class CAValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mCA = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_RANGE)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_RANGE));
- }
+ }
} else if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ }
}
super.setConfig(name, value);
}
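Review bot: The `Integer.parseInt(value)` checks for CONFIG_RANGE and CONFIG_START_TIME in setConfig only prove that the value is an integer and then discard it, so a negative range is accepted. populate later adds `mDefault * Integer.parseInt(rangeStr)` to notBefore, which with a negative range would presumably produce a notAfter earlier than notBefore on a CA signing certificate. For the range I would reject negative values at configuration time, `if (Integer.parseInt(value) < 0) throw new EPropertyException(CMS.getUserMessage("CMS_INVALID_PROPERTY", CONFIG_RANGE));`, and narrow `catch (Exception e)` to `catch (NumberFormatException e)`. Whether a negative start time is ever intended cannot be told from this hunk.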
@@ -101,16 +99,16 @@ public class CAValidityDefault extends EnrollDefault {
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RANGE)) {
return new Descriptor(IDescriptor.STRING,
- null,
+ null,
"2922", /* 8 years */
CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_RANGE"));
+ "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_START_TIME)) {
return new Descriptor(IDescriptor.STRING,
- null,
+ null,
"60", /* 1 minute */
CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_START_TIME"));
+ "CMS_PROFILE_VALIDITY_START_TIME"));
} else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
@@ -138,21 +136,21 @@ public class CAValidityDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
- if (value == null || value.equals("")) {
+ if (value == null || value.equals("")) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
- CMS.debug("CAValidityDefault: setValue name= "+ name);
+ CMS.debug("CAValidityDefault: setValue name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
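Review bot: `formatter.parse(value, pos)` in the VAL_NOT_BEFORE branch does not throw on bad input: with a ParsePosition it returns null on failure, stops at the first unparsable character otherwise, and a default SimpleDateFormat is lenient about out-of-range fields. The result is handed to `validity.set(...)` in the next hunk without a check, so rejecting a malformed or partly parsed date depends on that call failing. I would add `formatter.setLenient(false);` before the parse and `if (date == null || pos.getIndex() != value.length()) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` after it. The VAL_NOT_AFTER branch in the following hunk has the same pattern. setValue continues outside this hunk.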
@@ -161,15 +159,15 @@ public class CAValidityDefault extends EnrollDefault {
validity = (CertificateValidity)
info.get(X509CertInfo.VALIDITY);
validity.set(CertificateValidity.NOT_BEFORE,
- date);
+ date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
@@ -178,7 +176,7 @@ public class CAValidityDefault extends EnrollDefault {
validity = (CertificateValidity)
info.get(X509CertInfo.VALIDITY);
validity.set(CertificateValidity.NOT_AFTER,
- date);
+ date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
@@ -186,23 +184,23 @@ public class CAValidityDefault extends EnrollDefault {
}
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
- CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity);
+ CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity);
BasicConstraintsExtension ext = (BasicConstraintsExtension)
getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
return;
}
try {
Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
- if(isCA.booleanValue() != true) {
+ if (isCA.booleanValue() != true) {
CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
return;
}
} catch (Exception e) {
- CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString());
+ CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString());
return;
}
@@ -210,7 +208,7 @@ public class CAValidityDefault extends EnrollDefault {
Date notAfter = null;
try {
validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ info.get(X509CertInfo.VALIDITY);
notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
@@ -220,7 +218,7 @@ public class CAValidityDefault extends EnrollDefault {
// not to exceed CA's expiration
Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ mCA.getSigningUnit().getCertImpl().getNotAfter();
if (notAfter.after(caNotAfter)) {
if (bypassCAvalidity == false) {
@@ -232,7 +230,7 @@ public class CAValidityDefault extends EnrollDefault {
}
try {
validity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ notAfter);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
@@ -243,19 +241,19 @@ public class CAValidityDefault extends EnrollDefault {
locale, "CMS_INVALID_PROPERTY", name));
}
}
-
+
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
- CMS.debug("CAValidityDefault: getValue: name= "+ name);
+ CMS.debug("CAValidityDefault: getValue: name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
@@ -269,8 +267,8 @@ public class CAValidityDefault extends EnrollDefault {
locale, "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
@@ -298,19 +296,19 @@ public class CAValidityDefault extends EnrollDefault {
getConfig(CONFIG_BYPASS_CA_NOTAFTER)
};
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
try {
- startTimeStr = mapPattern(request, startTimeStr);
+ startTimeStr = mapPattern(request, startTimeStr);
} catch (IOException e) {
CMS.debug("CAValidityDefault: populate " + e.toString());
}
@@ -325,7 +323,7 @@ public class CAValidityDefault extends EnrollDefault {
try {
String rangeStr = getConfig(CONFIG_RANGE);
rangeStr = mapPattern(request, rangeStr);
- notAfterVal = notBefore.getTime() +
+ notAfterVal = notBefore.getTime() +
(mDefault * Integer.parseInt(rangeStr));
} catch (Exception e) {
// configured value is not correct
@@ -335,8 +333,8 @@ public class CAValidityDefault extends EnrollDefault {
}
Date notAfter = new Date(notAfterVal);
- CertificateValidity validity =
- new CertificateValidity(notBefore, notAfter);
+ CertificateValidity validity =
+ new CertificateValidity(notBefore, notAfter);
try {
info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
index 5a551033..a95ec6b7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,12 +44,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a CRL Distribution points extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
@@ -84,32 +82,31 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value)
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POINTS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POINTS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POINTS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
}
super.setConfig(name, value);
}
-
public Enumeration<String> getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -147,39 +144,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
- if (num >= MAX_NUM_POINTS)
+ if (num >= MAX_NUM_POINTS)
num = DEF_NUM_POINTS;
return num;
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_POINT_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
} else if (name.startsWith(CONFIG_POINT_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
} else if (name.startsWith(CONFIG_REASONS)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_REASONS"));
} else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
} else if (name.startsWith(CONFIG_ISSUER_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POINTS)) {
@@ -193,12 +190,12 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
} else {
@@ -207,47 +204,45 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
CRLDistributionPointsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (CRLDistributionPointsExtension)
getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ info);
- if(ext == null) {
- populate(locale,info);
+ if (ext == null) {
+ populate(locale, info);
}
if (name.equals(VAL_CRITICAL)) {
ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
Vector<NameValuePairs> v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
int i = 0;
@@ -285,7 +280,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(locale, cdp, issuerType, issuerValue);
- // this is the first distribution point
+ // this is the first distribution point
if (i == 0) {
ext = new CRLDistributionPointsExtension(cdp);
ext.setCritical(critical);
@@ -295,51 +290,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
- CMS.debug("CRLDistributionPointsExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("CRLDistributionPointsExtDefault: setValue " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
try {
if (value == null || value.length() == 0)
return;
-
+
if (type.equals(RELATIVETOISSUER)) {
cdp.setRelativeName(new RDN(value));
} else if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setFullName(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
} catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
}
private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
try {
@@ -349,20 +344,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
gen.addElement(parseGeneralName(type, value));
cdp.setCRLIssuer(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+ e.toString());
} catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+ e.toString());
}
}
- private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
+ String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
if (type.equals(REASONS)) {
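Review bot: The two handlers in addIssuer only call `CMS.debug(...)`, so an issuer name that fails to parse is dropped and the distribution point is kept without its CRL issuer, whereas addCRLPoint in the previous hunk turns the same IOException and GeneralNamesException into an EPropertyException. A silently missing issuer changes what the certificate says about who signs the CRL, so I would fail the same way here by adding `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));` after each debug call. addIssuer begins in the previous hunk.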
@@ -376,7 +371,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (r == null) {
CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", s));
} else {
reasonBits |= r.getBitMask();
@@ -384,47 +379,46 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] {reasonBits}
- );
+ BitArray ba = new BitArray(8, new byte[] { reasonBits }
+ );
cdp.setReasons(ba);
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
CRLDistributionPointsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (CRLDistributionPointsExtension)
getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(locale,info);
+ populate(locale, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -434,10 +428,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -451,7 +445,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
NameValuePairs pairs = null;
if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
+ CRLDistributionPoint p = ext.getPointAt(i);
GeneralNames gns = p.getFullName();
pairs = buildGeneralNames(gns, p);
@@ -461,10 +455,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
recs.addElement(pairs);
}
}
-
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -482,7 +476,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
+ throws EPropertyException {
NameValuePairs pairs = new NameValuePairs();
@@ -551,14 +545,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (reasons != null) {
byte[] b = reasons.toByteArray();
Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-
+
for (int i = 0; i < reasonArray.length; i++) {
if (sb.length() > 0)
sb.append(",");
sb.append(reasonArray[i].getName());
}
}
-
+
return sb.toString();
}
@@ -589,8 +583,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
getConfig(CONFIG_CRITICAL),
sb.toString());
}
@@ -599,29 +593,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CRLDistributionPointsExtension ext = createExtension(locale);
if (ext == null)
return;
addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ ext, info);
}
+
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CRLDistributionPointsExtension ext = createExtension(request);
if (ext == null)
return;
- addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ ext, info);
}
public CRLDistributionPointsExtension createExtension(IRequest request) {
- CRLDistributionPointsExtension ext = null;
+ CRLDistributionPointsExtension ext = null;
int num = 0;
try {
@@ -631,8 +626,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
for (int i = 0; i < num; i++) {
CRLDistributionPoint cdp = new CRLDistributionPoint();
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
+ String pointType = getConfig(CONFIG_POINT_TYPE + i);
String pointName = getConfig(CONFIG_POINT_NAME + i);
String reasons = getConfig(CONFIG_REASONS + i);
String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
@@ -644,7 +639,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(getLocale(request), cdp, issuerType, issuerName);
if (reasons != null)
- addReasons(getLocale(request), cdp, REASONS, reasons);
+ addReasons(getLocale(request), cdp, REASONS, reasons);
if (i == 0) {
ext = new CRLDistributionPointsExtension(cdp);
@@ -656,7 +651,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
} catch (Exception e) {
CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
+ e.toString());
CMS.debug(e);
}
@@ -698,7 +693,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
} catch (Exception e) {
CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
+ e.toString());
CMS.debug(e);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
index 63a4d303..4949c2ca 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
@@ -1,4 +1,3 @@
-
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -18,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -52,7 +50,7 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates a policy mappings extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificatePoliciesExtDefault extends EnrollExtDefault {
@@ -122,33 +120,32 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_POLICY_NUM)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POLICIES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POLICIES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
+ }
}
super.setConfig(name, value);
}
-
public Enumeration<String> getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -166,22 +163,22 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
int numQualifiers = getNumQualifiers();
addConfigName(CONFIG_POLICY_NUM);
-
+
for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
- for (int j=0; j<numQualifiers; j++) {
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
+ for (int j = 0; j < numQualifiers; j++) {
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
}
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null,
@@ -189,16 +186,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
} else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
} else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
} else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
@@ -225,8 +222,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
} else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
return new Descriptor(IDescriptor.INTEGER, null,
- "5",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
+ "5",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
}
return null;
}
@@ -234,7 +231,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_POLICY_QUALIFIERS)) {
@@ -253,126 +250,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
int index = token.indexOf(":");
if (index <= 0)
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", token));
+ "CMS_INVALID_PROPERTY", token));
String name = token.substring(0, index);
String val = "";
- if ((token.length()-1) > index) {
- val = token.substring(index+1);
+ if ((token.length() - 1) > index) {
+ val = token.substring(index + 1);
}
table.put(name, val);
- }
-
+ }
+
return table;
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
CertificatePoliciesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
-
+ getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+ info);
+
Hashtable<String, String> h = buildRecords(value);
- String numStr = (String)h.get(CONFIG_POLICY_NUM);
+ String numStr = (String) h.get(CONFIG_POLICY_NUM);
int size = Integer.parseInt(numStr);
Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
for (int i = 0; i < size; i++) {
- String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+ String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
CertificatePolicyInfo cinfo = null;
if (enable != null && enable.equals("true")) {
- String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+ String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
- if (policyId == null || policyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
+ if (policyId == null || policyId.length() == 0)
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
CertificatePolicyId cpolicyId = getPolicyId(policyId);
- String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
int num = 0;
if (qualifersNum != null && qualifersNum.length() > 0)
num = Integer.parseInt(qualifersNum);
- for (int j=0; j<num; j++) {
- String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
- String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+ for (int j = 0; j < num; j++) {
+ String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+ String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
- String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+ String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
+ policyQualifiers.add(qualifierInfo);
} else if (usernoticeEnable != null && enable.equals("true")) {
- String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
- String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
- String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+ String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+ String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
- noticenumbers, explicitText);
+ noticenumbers, explicitText);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
+ policyQualifiers.add(qualifierInfo);
}
}
if (policyQualifiers.size() <= 0) {
cinfo =
- new CertificatePolicyInfo(cpolicyId);
+ new CertificatePolicyInfo(cpolicyId);
} else {
cinfo =
- new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+ new CertificatePolicyInfo(cpolicyId, policyQualifiers);
}
if (cinfo != null)
- certificatePolicies.addElement(cinfo);
+ certificatePolicies.addElement(cinfo);
}
}
ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale,
+ X509CertInfo info)
+ throws EPropertyException {
CertificatePoliciesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+ info);
if (ext == null) {
return null;
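Review bot: In setValue the user-notice branch tests the wrong variable: `else if (usernoticeEnable != null && enable.equals("true"))` sits inside the block already guarded by `enable.equals("true")`, so it is taken whenever `usernoticeEnable` is present, even when it is "false". createExtension uses `usernoticeEnable.equals("true")` for the same decision, so the line should read `} else if (usernoticeEnable != null && usernoticeEnable.equals("true")) {`. In the same method `ext` is dereferenced (`ext.setCritical(val)`, `ext.set(...)`) without the null check that getValue applies to the result of `getExtension`. `Integer.parseInt(numStr)` can also throw an unchecked NumberFormatException that neither catch clause converts to EPropertyException.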
@@ -382,10 +379,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
+ } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -396,14 +393,14 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append(":");
sb.append(num_policies);
sb.append("\n");
-
- Vector<CertificatePolicyInfo> infos ;
+
+ Vector<CertificatePolicyInfo> infos;
try {
@SuppressWarnings("unchecked")
- Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>)ext.get(CertificatePoliciesExtension.INFOS);
+ Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS);
infos = certPolicyInfos;
} catch (IOException ee) {
- infos =null;
+ infos = null;
}
for (int i = 0; i < num_policies; i++) {
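Review bot: When `ext.get(CertificatePoliciesExtension.INFOS)` throws IOException the catch sets `infos = null`, yet the loop that starts on the last line of this hunk calls `infos.size()` at the top of the next hunk with no null check. getValue would then fail with a NullPointerException rather than an EPropertyException or an empty record. The smallest fix is `infos = new Vector<CertificatePolicyInfo>();` in the catch, with a `CMS.debug(ee);` so the read failure is not silent. getValue starts before this hunk and continues after it.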
@@ -411,70 +408,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
String policyId = "";
String policyEnable = "false";
PolicyQualifiers qualifiers = null;
- if (infos.size() > 0) {
- CertificatePolicyInfo cinfo =
- infos.elementAt(0);
-
- CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
+ if (infos.size() > 0) {
+ CertificatePolicyInfo cinfo =
+ infos.elementAt(0);
+
+ CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
policyId = id1.getIdentifier().toString();
policyEnable = "true";
qualifiers = cinfo.getPolicyQualifiers();
if (qualifiers != null)
- qSize = qualifiers.size();
+ qSize = qualifiers.size();
infos.removeElementAt(0);
}
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
sb.append(":");
sb.append(policyEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
sb.append(":");
sb.append(policyId);
sb.append("\n");
-
+
if (qSize == 0) {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
sb.append(":");
sb.append(DEF_NUM_QUALIFIERS);
sb.append("\n");
} else {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
sb.append(":");
sb.append(qSize);
sb.append("\n");
}
if (qSize == 0) {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE);
sb.append(":");
sb.append("false");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
sb.append(":");
sb.append("false");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT);
sb.append(":");
sb.append("");
sb.append("\n");
}
- for (int j=0; j<qSize; j++) {
+ for (int j = 0; j < qSize; j++) {
netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j);
ObjectIdentifier oid = qinfo.getId();
Qualifier qualifier = qinfo.getQualifier();
-
+
String cpsuriEnable = "false";
String usernoticeEnable = "false";
String cpsuri = "";
@@ -484,16 +481,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) {
cpsuriEnable = "true";
- CPSuri content = (CPSuri)qualifier;
- cpsuri = content.getURI();
+ CPSuri content = (CPSuri) qualifier;
+ cpsuri = content.getURI();
} else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) {
usernoticeEnable = "true";
- UserNotice content = (UserNotice)qualifier;
+ UserNotice content = (UserNotice) qualifier;
NoticeReference ref = content.getNoticeReference();
if (ref != null) {
org = ref.getOrganization().getText();
int[] nums = ref.getNumbers();
- for (int k=0; k<nums.length; k++) {
+ for (int k = 0; k < nums.length; k++) {
if (k != 0) {
noticeNum.append(",");
noticeNum.append(nums[k]);
@@ -506,27 +503,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
explicitText = displayText.getText();
}
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
sb.append(":");
sb.append(cpsuriEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
sb.append(":");
sb.append(cpsuri);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
sb.append(":");
sb.append(usernoticeEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
sb.append(":");
sb.append(org);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
sb.append(":");
sb.append(noticeNum.toString());
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
sb.append(":");
sb.append(explicitText);
sb.append("\n");
@@ -534,7 +531,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
} // end of for loop
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -552,7 +549,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append(",");
for (int i = 0; i < num; i++) {
sb.append("{");
- IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+ IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
String enable = substore.getString(CONFIG_POLICY_ENABLE, "");
sb.append(POLICY_ID_ENABLE + ":");
sb.append(enable);
@@ -562,18 +559,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append(policyId);
sb.append(",");
String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, "");
- sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":");
+ sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":");
sb.append(qualifiersNum);
sb.append(",");
- for (int j=0; j<num1; j++) {
- IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+ for (int j = 0; j < num1; j++) {
+ IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
sb.append("{");
String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, "");
sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":");
sb.append(cpsuriEnable);
sb.append(",");
String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, "");
- sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":");
+ sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":");
sb.append(usernoticeEnable);
sb.append(",");
String org = substore1.getString(CONFIG_USERNOTICE_ORG, "");
@@ -596,9 +593,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append("}");
}
sb.append("}");
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
} catch (Exception e) {
return "";
}
@@ -608,72 +605,72 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificatePoliciesExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+ ext, info);
}
- public CertificatePoliciesExtension createExtension()
- throws EProfileException {
- CertificatePoliciesExtension ext = null;
+ public CertificatePoliciesExtension createExtension()
+ throws EProfileException {
+ CertificatePoliciesExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
int num = getNumPolicies();
- CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num);
+ CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num);
IConfigStore config = getConfigStore();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
IConfigStore basesubstore = config.getSubStore("params");
- IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+ IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
String enable = substore.getString(CONFIG_POLICY_ENABLE);
- CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable);
+ CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable);
if (enable != null && enable.equals("true")) {
String policyId = substore.getString(CONFIG_POLICY_ID);
CertificatePolicyId cpolicyId = getPolicyId(policyId);
- CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId);
+ CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId);
int qualifierNum = getNumQualifiers();
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
- for (int j=0; j<qualifierNum; j++) {
- IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+ for (int j = 0; j < qualifierNum; j++) {
+ IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE);
String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE);
if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
+ netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
- } else if (usernoticeEnable != null &&
+ policyQualifiers.add(qualifierInfo);
+ } else if (usernoticeEnable != null &&
usernoticeEnable.equals("true")) {
String org = substore1.getString(CONFIG_USERNOTICE_ORG);
String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS);
String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT);
netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
- noticenumbers, explicitText);
+ noticenumbers, explicitText);
if (qualifierInfo != null)
policyQualifiers.add(qualifierInfo);
}
}
-
+
CertificatePolicyInfo info = null;
if (policyQualifiers.size() <= 0) {
- info =
- new CertificatePolicyInfo(cpolicyId);
+ info =
+ new CertificatePolicyInfo(cpolicyId);
} else {
- info =
- new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+ info =
+ new CertificatePolicyInfo(cpolicyId, policyQualifiers);
}
-
+
if (info != null)
- certificatePolicies.addElement(info);
+ certificatePolicies.addElement(info);
}
}
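Review bot: The call `createUserNotice(org, noticenumbers, explicitText)` does not match the parameter order of the callee, declared in the next hunk as `createUserNotice(String organization, String noticeText, String noticeNums)`. As written, the configured notice numbers are wrapped in the `DisplayText` built from `noticeText`, and the explicit text is handed to whatever parses `noticeNums`, which is outside the visible lines. The call should be `createUserNotice(org, explicitText, noticenumbers);`, and the call in setValue has the same order and needs the same change. createExtension continues past the end of this hunk.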
@@ -683,51 +680,51 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
} catch (EProfileException e) {
throw e;
} catch (Exception e) {
- CMS.debug("CertificatePoliciesExtDefault: createExtension " +
- e.toString());
+ CMS.debug("CertificatePoliciesExtDefault: createExtension " +
+ e.toString());
}
return ext;
}
- private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException {
+ private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException {
if (policyId == null || policyId.length() == 0)
throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
+ "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
CertificatePolicyId cpolicyId = null;
try {
cpolicyId = new CertificatePolicyId(
- ObjectIdentifier.getObjectIdentifier(policyId));
+ ObjectIdentifier.getObjectIdentifier(policyId));
return cpolicyId;
} catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
+ "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
}
}
private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException {
- if (uri == null || uri.length() == 0)
+ if (uri == null || uri.length() == 0)
throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
+ "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
- CPSuri cpsURI = new CPSuri(uri);
+ CPSuri cpsURI = new CPSuri(uri);
netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 =
- new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
-
+ new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
+
return policyQualifierInfo2;
}
- private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
- String noticeText, String noticeNums) throws EPropertyException {
-
- if ((organization == null || organization.length() == 0) &&
- (noticeNums == null || noticeNums.length() == 0) &&
- (noticeText == null || noticeText.length() == 0))
+ private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
+ String noticeText, String noticeNums) throws EPropertyException {
+
+ if ((organization == null || organization.length() == 0) &&
+ (noticeNums == null || noticeNums.length() == 0) &&
+ (noticeText == null || noticeText.length() == 0))
return null;
DisplayText explicitText = null;
- if (noticeText != null && noticeText.length() > 0)
+ if (noticeText != null && noticeText.length() > 0)
explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText);
int nums[] = null;
@@ -753,7 +750,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
DisplayText orgName = null;
if (organization != null && organization.length() > 0) {
orgName =
- new DisplayText(DisplayText.tag_VisibleString, organization);
+ new DisplayText(DisplayText.tag_VisibleString, organization);
}
NoticeReference noticeReference = null;
@@ -763,10 +760,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
UserNotice userNotice = null;
if (explicitText != null || noticeReference != null) {
- userNotice = new UserNotice (noticeReference, explicitText);
+ userNotice = new UserNotice(noticeReference, explicitText);
netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 =
- new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
+ new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
return policyQualifierInfo1;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
index f3b68594..d30f971d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
@@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates a Netscape comment extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificateVersionDefault extends EnrollExtDefault {
@@ -54,11 +54,11 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_VERSION)) {
return new Descriptor(IDescriptor.INTEGER, null,
"3",
@@ -69,14 +69,14 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_VERSION)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_VERSION));
- }
+ }
}
super.setConfig(name, value);
}
@@ -92,32 +92,32 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
- if (name.equals(VAL_VERSION)) {
+ if (name.equals(VAL_VERSION)) {
if (value == null || value.equals(""))
- throw new EPropertyException(name+" cannot be empty");
+ throw new EPropertyException(name + " cannot be empty");
else {
- int version = Integer.valueOf(value).intValue()-1;
-
+ int version = Integer.valueOf(value).intValue() - 1;
+
if (version == CertificateVersion.V1)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V1));
+ new CertificateVersion(CertificateVersion.V1));
else if (version == CertificateVersion.V2)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V2));
+ new CertificateVersion(CertificateVersion.V2));
else if (version == CertificateVersion.V3)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
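Review bot: In `setValue`, a `value` that parses to anything other than 1, 2 or 3 falls through the `if`/`else if` chain on `version` and returns without setting `X509CertInfo.VERSION` or reporting an error, whereas `populate` later in this file rejects the same case with `CMS_INVALID_PROPERTY`. A non-numeric `value` also makes `Integer.valueOf(value)` throw `NumberFormatException`, which the one catch clause visible here (`IOException`) does not cover; `populate` has the same unguarded parse on the configured value. I would close the chain with `else { throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)); }` and wrap the parse in a `try`/`catch (NumberFormatException e)` that throws the same exception. The method continues past the end of this hunk, so any further catch clauses are not visible.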
@@ -128,30 +128,30 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
- if (name.equals(VAL_VERSION)) {
+ if (name.equals(VAL_VERSION)) {
CertificateVersion v = null;
- try {
- v = (CertificateVersion)info.get(
- X509CertInfo.VERSION);
+ try {
+ v = (CertificateVersion) info.get(
+ X509CertInfo.VERSION);
} catch (Exception e) {
}
if (v == null)
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
int version = v.compare(0);
-
- return ""+(version+1);
+
+ return "" + (version + 1);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -168,26 +168,26 @@ public class CertificateVersionDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
String v = getConfig(CONFIG_VERSION);
- int version = Integer.valueOf(v).intValue()-1;
-
+ int version = Integer.valueOf(v).intValue() - 1;
+
try {
if (version == CertificateVersion.V1)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V1));
+ new CertificateVersion(CertificateVersion.V1));
else if (version == CertificateVersion.V2)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V2));
+ new CertificateVersion(CertificateVersion.V2));
else if (version == CertificateVersion.V3)
info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
else {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
+ getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
}
} catch (IOException e) {
} catch (CertificateException e) {
- }
+ }
}
}
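Review bot: The two empty handlers at the end of `populate`, `catch (IOException e) {` and `catch (CertificateException e) {`, discard a failure of `info.set(X509CertInfo.VERSION, ...)`, so the request carries on with nothing recorded about the version not being applied to the template. The method already throws `EProfileException` for an out-of-range value, so the handlers can report the same way: `throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));`, preceded by a `CMS.debug(...)` line that logs `e.toString()`. If swallowing is intentional, a comment in each handler saying why would make that clear to the next reader.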
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 239765ab..855cd92c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -60,10 +60,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements an enrollment default policy.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault {
@@ -99,7 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale locale of the end user
* @return localized description of this default policy
*/
public abstract String getText(Locale locale);
-
public IConfigStore getConfigStore() {
return mConfig;
}
@@ -147,60 +145,60 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
/**
* Populates attributes into the certificate template.
- *
+ *
* @param request enrollment request
* @param info certificate template
- * @exception EProfileException failed to populate attributes
- * into request
+ * @exception EProfileException failed to populate attributes
+ * into request
*/
public abstract void populate(IRequest request, X509CertInfo info)
- throws EProfileException;
+ throws EProfileException;
/**
* Sets values from the approval page into certificate template.
- *
+ *
* @param name name of the attribute
* @param locale user locale
* @param info certificate template
* @param value attribute value
- * @exception EProfileException failed to set attributes
- * into request
+ * @exception EProfileException failed to set attributes
+ * into request
*/
- public abstract void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException;
+ public abstract void setValue(String name, Locale locale,
+ X509CertInfo info, String value)
+ throws EPropertyException;
/**
* Retrieves certificate template values and returns them to
* the approval page.
- *
+ *
* @param name name of the attribute
* @param locale user locale
* @param info certificate template
- * @exception EProfileException failed to get attributes
- * from request
+ * @exception EProfileException failed to get attributes
+ * from request
*/
- public abstract String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException;
+ public abstract String getValue(String name, Locale locale,
+ X509CertInfo info)
+ throws EPropertyException;
/**
* Populates the request with this policy default.
- *
+ *
* The current implementation extracts enrollment specific attributes
* and calls the populate() method of the subclass.
- *
+ *
* @param request request to be populated
* @exception EProfileException failed to populate
*/
public void populate(IRequest request)
- throws EProfileException {
+ throws EProfileException {
String name = getClass().getName();
name = name.substring(name.lastIndexOf('.') + 1);
CMS.debug(name + ": populate start");
X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
populate(request, info);
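Review bot: The Javadoc on the abstract `setValue` and `getValue` declares `@exception EProfileException`, but both signatures throw `EPropertyException`, so the generated documentation names an exception callers will never see from these methods. The tags should read `@exception EPropertyException failed to set attributes into request` and `@exception EPropertyException failed to get attributes from request`. `getValue` also has no `@return` tag; `@return the attribute value read from the certificate template` would match its description.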
@@ -222,21 +220,21 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
/**
* Sets the value of the given value property by name.
- *
+ *
* The current implementation extracts enrollment specific attributes
* and calls the setValue() method of the subclass.
- *
+ *
* @param name name of property
* @param locale locale of the end user
* @param request request
* @param value value to be set in the given request
* @exception EPropertyException failed to set property
*/
- public void setValue(String name, Locale locale, IRequest request,
- String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, IRequest request,
+ String value)
+ throws EPropertyException {
X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
setValue(name, locale, info, value);
@@ -246,19 +244,19 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
/**
* Retrieves the value of the given value
* property by name.
- *
+ *
* The current implementation extracts enrollment specific attributes
* and calls the getValue() method of the subclass.
- *
+ *
* @param name name of property
* @param locale locale of the end user
* @param request request
* @exception EPropertyException failed to get property
*/
public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
+ throws EPropertyException {
X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
String value = getValue(name, locale, info);
request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
@@ -279,8 +277,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
protected void refreshConfigAndValueNames() {
- mConfigNames.removeAllElements();
- mValueNames.removeAllElements();
+ mConfigNames.removeAllElements();
+ mValueNames.removeAllElements();
}
protected void deleteExtension(String name, X509CertInfo info) {
@@ -294,7 +292,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
Enumeration<String> e = exts.getNames();
while (e.hasMoreElements()) {
- String n = e.nextElement();
+ String n = e.nextElement();
Extension ext = (Extension) exts.get(n);
if (ext.getExtensionId().toString().equals(name)) {
@@ -336,18 +334,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
protected void addExtension(String name, Extension ext, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
if (ext == null) {
throw new EProfileException("extension not found");
}
CertificateExtensions exts = null;
- Extension alreadyPresentExtension = getExtension(name,info);
+ Extension alreadyPresentExtension = getExtension(name, info);
if (alreadyPresentExtension != null) {
String eName = ext.toString();
CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName);
- throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName));
+ throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName));
}
try {
@@ -367,7 +365,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
protected void replaceExtension(String name, Extension ext, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
deleteExtension(name, info);
addExtension(name, ext, info);
}
@@ -392,65 +390,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return getInt(getConfig(value));
}
- protected boolean isGeneralNameValid(String name)
- {
+ protected boolean isGeneralNameValid(String name) {
if (name == null)
- return false;
+ return false;
int pos = name.indexOf(':');
if (pos == -1)
- return false;
+ return false;
String nameType = name.substring(0, pos).trim();
String nameValue = name.substring(pos + 1).trim();
if (nameValue.equals(""))
- return false;
+ return false;
return true;
}
protected GeneralNameInterface parseGeneralName(String name)
- throws IOException {
+ throws IOException {
int pos = name.indexOf(':');
if (pos == -1)
- return null;
+ return null;
String nameType = name.substring(0, pos).trim();
String nameValue = name.substring(pos + 1).trim();
return parseGeneralName(nameType, nameValue);
}
- protected boolean isGeneralNameType(String nameType)
- {
+ protected boolean isGeneralNameType(String nameType) {
if (nameType.equalsIgnoreCase("RFC822Name")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("DNSName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("x400")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("DirectoryName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("EDIPartyName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("URIName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("IPAddress")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("OIDName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("OtherName")) {
- return true;
+ return true;
}
return false;
}
protected GeneralNameInterface parseGeneralName(String nameType, String nameValue)
- throws IOException
- {
+ throws IOException {
if (nameType.equalsIgnoreCase("RFC822Name")) {
return new RFC822Name(nameValue);
}
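Review bot: `isGeneralNameValid` extracts `nameType` but never uses it, so a string with an empty or unknown type before the colon (for example the constructed value `:value`) is reported as valid. Checking it against the list this class already keeps would close that gap: `if (!isGeneralNameType(nameType)) return false;` placed before the `nameValue` test. `parseGeneralName(String name)` and `isGeneralNameType(String nameType)` also dereference their argument without the null check that `isGeneralNameValid` has. Whether callers rely on the current leniency is not visible here, and the two-argument `parseGeneralName` that closes this hunk continues outside it.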
@@ -458,7 +453,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return new DNSName(nameValue);
}
if (nameType.equalsIgnoreCase("x400")) {
- // XXX
+ // XXX
}
if (nameType.equalsIgnoreCase("DirectoryName")) {
return new X500Name(nameValue);
@@ -476,153 +471,153 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
StringTokenizer st = new StringTokenizer(nameValue, "/");
String addr = st.nextToken();
String netmask = st.nextToken();
- CMS.debug("addr:" + addr +" netmask: "+netmask);
+ CMS.debug("addr:" + addr + " netmask: " + netmask);
return new IPAddressName(addr, netmask);
- } else {
+ } else {
return new IPAddressName(nameValue);
- }
+ }
}
if (nameType.equalsIgnoreCase("OIDName")) {
try {
- // check if OID
- ObjectIdentifier oid = new ObjectIdentifier(nameValue);
+ // check if OID
+ ObjectIdentifier oid = new ObjectIdentifier(nameValue);
} catch (Exception e) {
- return null;
+ return null;
}
return new OIDName(nameValue);
- }
+ }
if (nameType.equals("OtherName")) {
if (nameValue == null || nameValue.length() == 0)
nameValue = " ";
if (nameValue.startsWith("(PrintableString)")) {
- // format: OtherName: (PrintableString)oid,value
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
- } else {
- return null;
- }
+ // format: OtherName: (PrintableString)oid,value
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(KerberosName)")) {
// Syntax: (KerberosName)Realm|NameType|NameString(s)
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf('|');
- int pos2 = nameValue.lastIndexOf('|');
- String realm = nameValue.substring(pos0 + 1, pos1).trim();
- String name_type = nameValue.substring(pos1 + 1, pos2).trim();
- String name_strings = nameValue.substring(pos2 + 1).trim();
- Vector<String> strings = new Vector<String>();
- StringTokenizer st = new StringTokenizer(name_strings, ",");
- while (st.hasMoreTokens()) {
- strings.addElement(st.nextToken());
- }
- KerberosName name = new KerberosName(realm,
- Integer.parseInt(name_type), strings);
- // krb5 OBJECT IDENTIFIER ::= { iso (1)
- // org (3)
- // dod (6)
- // internet (1)
- // security (5)
- // kerberosv5 (2) }
- // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
- return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
- name.toByteArray());
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf('|');
+ int pos2 = nameValue.lastIndexOf('|');
+ String realm = nameValue.substring(pos0 + 1, pos1).trim();
+ String name_type = nameValue.substring(pos1 + 1, pos2).trim();
+ String name_strings = nameValue.substring(pos2 + 1).trim();
+ Vector<String> strings = new Vector<String>();
+ StringTokenizer st = new StringTokenizer(name_strings, ",");
+ while (st.hasMoreTokens()) {
+ strings.addElement(st.nextToken());
+ }
+ KerberosName name = new KerberosName(realm,
+ Integer.parseInt(name_type), strings);
+ // krb5 OBJECT IDENTIFIER ::= { iso (1)
+ // org (3)
+ // dod (6)
+ // internet (1)
+ // security (5)
+ // kerberosv5 (2) }
+ // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
+ return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
+ name.toByteArray());
} else if (nameValue.startsWith("(IA5String)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(UTF8String)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(BMPString)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(Any)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- CMS.debug("OID: " + on_oid + " Value:" + on_value);
- return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
- } else {
- CMS.debug("Invalid OID " + on_oid);
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ CMS.debug("OID: " + on_oid + " Value:" + on_value);
+ return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
+ } else {
+ CMS.debug("Invalid OID " + on_oid);
+ return null;
+ }
} else {
- return null;
+ return null;
}
}
return null;
}
-/**
- * Converts string containing pairs of characters in the range of '0'
- * to '9', 'a' to 'f' to an array of bytes such that each pair of
- * characters in the string represents an individual byte
- */
+ /**
+ * Converts string containing pairs of characters in the range of '0'
+ * to '9', 'a' to 'f' to an array of bytes such that each pair of
+ * characters in the string represents an individual byte
+ */
public byte[] getBytes(String string) {
- if (string == null)
- return null;
- int stringLength = string.length();
- if ((stringLength == 0) || ((stringLength % 2) != 0))
- return null;
- byte[] bytes = new byte[ (stringLength / 2) ];
- for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
- String nextByte = string.substring(i, (i + 2));
- bytes[b] = (byte)Integer.parseInt(nextByte, 0x10);
- }
- return bytes;
+ if (string == null)
+ return null;
+ int stringLength = string.length();
+ if ((stringLength == 0) || ((stringLength % 2) != 0))
+ return null;
+ byte[] bytes = new byte[(stringLength / 2)];
+ for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
+ String nextByte = string.substring(i, (i + 2));
+ bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
+ }
+ return bytes;
}
/**
* Check if a object identifier in string form is valid,
* that is a string in the form n.n.n.n and der encode and decode-able.
+ *
* @param oid object identifier string.
* @return true if the oid is valid
*/
- public boolean isValidOID(String oid)
- {
- ObjectIdentifier v = null;
+ public boolean isValidOID(String oid) {
+ ObjectIdentifier v = null;
try {
v = ObjectIdentifier.getObjectIdentifier(oid);
} catch (Exception e) {
- return false;
+ return false;
}
if (v == null)
- return false;
+ return false;
// if the OID isn't valid (ex. n.n) the error isn't caught til
// encoding time leaving a bad request in the request queue.
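Review bot: The `(KerberosName)` branch of `parseGeneralName` uses `pos1` and `pos2` in `substring` without the `-1` check that every other `OtherName` branch applies to its separator, and hands `name_type` to `Integer.parseInt` unguarded, so a value with fewer than two `|` separators or a non-numeric name type leaves the method through an unchecked `StringIndexOutOfBoundsException` or `NumberFormatException` rather than the `null` the sibling branches return for malformed input. `getBytes`, reached from the `(Any)` branch, has the same weakness in `Integer.parseInt(nextByte, 0x10)`, which throws on a non-hex pair and also accepts a leading sign character that the Javadoc does not list. The `IPAddress` branch calls `st.nextToken()` twice with no `hasMoreTokens()` check, and the `OtherName` test uses `equals` where the other types use `equalsIgnoreCase`. Below is the guard I would add to the Kerberos branch; `parseGeneralName` starts before this hunk and `isValidOID` continues after it.

```java
} else if (nameValue.startsWith("(KerberosName)")) {
    // Syntax: (KerberosName)Realm|NameType|NameString(s)
    int pos0 = nameValue.indexOf(')');
    int pos1 = nameValue.indexOf('|');
    int pos2 = nameValue.lastIndexOf('|');
    // Two distinct separators are required; reject like the other branches do
    if (pos1 == -1 || pos2 <= pos1)
        return null;
    // … unchanged: realm, name_type, name_strings extraction and tokenizing …
    int krbNameType;
    try {
        krbNameType = Integer.parseInt(name_type);
    } catch (NumberFormatException e) {
        CMS.debug("parseGeneralName: invalid Kerberos name type");
        return null;
    }
    KerberosName name = new KerberosName(realm, krbNameType, strings);
```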
@@ -632,7 +627,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
derOut.putOID(v);
new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
} catch (Exception e) {
- return false;
+ return false;
}
return true;
}
@@ -641,7 +636,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
StringBuffer sb = new StringBuffer();
for (int i = 0; i < recs.size(); i++) {
- NameValuePairs pairs = recs.elementAt(i);
+ NameValuePairs pairs = recs.elementAt(i);
sb.append("Record #");
sb.append(i);
@@ -658,7 +653,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
sb.append("\r\n");
}
sb.append("\r\n");
-
+
}
return sb.toString();
}
@@ -670,15 +665,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
NameValuePairs nvps = null;
while (st.hasMoreTokens()) {
- String token = st.nextToken();
+ String token = st.nextToken();
if (token.equals("Record #" + num)) {
CMS.debug("parseRecords: Record" + num);
nvps = new NameValuePairs();
v.addElement(nvps);
try {
- token = st.nextToken();
- } catch (NoSuchElementException e) {
+ token = st.nextToken();
+ } catch (NoSuchElementException e) {
v.removeElementAt(num);
CMS.debug(e.toString());
return v;
@@ -688,7 +683,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
if (nvps == null)
throw new EPropertyException("Bad Input Format");
-
+
int pos = token.indexOf(":");
if (pos <= 0) {
@@ -706,8 +701,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return v;
}
- protected String getGeneralNameType(GeneralName gn)
- throws EPropertyException {
+ protected String getGeneralNameType(GeneralName gn)
+ throws EPropertyException {
int type = gn.getType();
if (type == GeneralNameInterface.NAME_RFC822)
@@ -762,17 +757,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
public String toGeneralNameString(GeneralNameInterface gn) {
- int type = gn.getType();
+ int type = gn.getType();
// Sun's General Name is not consistent, so we need
// to do a special case for directory string
if (type == GeneralNameInterface.NAME_DIRECTORY) {
- return "DirectoryName: " + gn.toString();
+ return "DirectoryName: " + gn.toString();
}
return gn.toString();
}
protected String mapPattern(IRequest request, String pattern)
- throws IOException {
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -781,30 +776,32 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return p.substitute2("request", attrSet);
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
- {
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
StringBuffer result = new StringBuffer();
// Do we need to escape any characters
for (int i = 0; i < v.length(); i++) {
int c = v.charAt(i);
if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i+1) < v.length())) {
- int nextC = v.charAt(i+1);
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i + 1) < v.length())) {
+ int nextC = v.charAt(i + 1);
if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
nextC == '<' || nextC == '>' || nextC == '#' ||
nextC == ';' || nextC == '\r' || nextC == '\n' ||
nextC == '\\' || nextC == '"')) {
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
}
if (c == '\r') {
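Review bot: When `escapeValueRfc1779` finds a backslash followed by a special character it treats the pair as already escaped, but the loop never advances `i` past `nextC`, so on the next iteration that same character is handled as unescaped and receives a backslash of its own. From the visible lines, the constructed input `\,` with `doubleEscape` false would come out as `\\,`, which an RFC 1779 reader takes as an escaped backslash followed by a bare separator; that matters if the value can reach a subject DN from request data, which this hunk does not show. I would emit both characters of the pair and skip the second one inside that branch, and add a unit test covering values that contain pre-escaped separators. The inner `(c == 0x5c)` test in the `nextC` condition repeats the outer one and can be dropped. The tail of the method is in the next hunk.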
@@ -812,10 +809,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
} else if (c == '\n') {
result.append("0A");
} else {
- result.append((char)c);
+ result.append((char) c);
}
}
return result;
}
-
+
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
index 7cf2a359..24f79cde 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
@@ -17,14 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
-
-
/**
- * This class implements an enrollment extension
+ * This class implements an enrollment extension
* default policy that extension into the certificate
* template.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class EnrollExtDefault extends EnrollDefault {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
index 62d21cc8..15dec541 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates Extended Key Usage extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
@@ -60,17 +58,17 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OIDS)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
}
@@ -91,51 +89,49 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
ExtendedKeyUsageExtension ext = null;
-
ext = (ExtendedKeyUsageExtension)
getExtension(ExtendedKeyUsageExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
- }
- if (name == null) {
+ }
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ getExtension(ExtendedKeyUsageExtension.OID, info);
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
+ ext.setCritical(val);
} else if (name.equals(VAL_OIDS)) {
ext = (ExtendedKeyUsageExtension)
getExtension(ExtendedKeyUsageExtension.OID, info);
// ext.deleteAllOIDs();
StringTokenizer st = new StringTokenizer(value, ",");
- if(ext == null) {
+ if (ext == null) {
return;
}
while (st.hasMoreTokens()) {
String oid = st.nextToken();
- ext.addOID(new ObjectIdentifier(oid));
+ ext.addOID(new ObjectIdentifier(oid));
}
} else {
throw new EPropertyException(CMS.getUserMessage(
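Review bot: In the `VAL_OIDS` branch of `setValue` the only mutation is `ext.addOID(...)`, and the `ext.deleteAllOIDs()` call above the tokenizer is commented out, so a value submitted here can add extended key usages to the extension already in `info` but apparently cannot remove one. That matters when the caller is trying to narrow the purposes a certificate is valid for. If append-only is intended, say so at the branch, e.g. `// append-only: OIDs already present in the extension are kept`; otherwise build a fresh extension from `value` and replace the old one. The tokens are also passed to `new ObjectIdentifier(oid)` untrimmed, and `oid.trim()` would avoid depending on how that constructor treats a space after a comma. The method continues past the end of this hunk.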
@@ -151,8 +147,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -160,23 +156,21 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
getExtension(ExtendedKeyUsageExtension.OID, info);
-
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ getExtension(ExtendedKeyUsageExtension.OID, info);
if (ext == null) {
return null;
@@ -188,20 +182,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
} else if (name.equals(VAL_OIDS)) {
ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ getExtension(ExtendedKeyUsageExtension.OID, info);
StringBuffer sb = new StringBuffer();
- if(ext == null) {
+ if (ext == null) {
return "";
}
Enumeration e = ext.getOIDs();
while (e.hasMoreElements()) {
ObjectIdentifier oid = (ObjectIdentifier)
- e.nextElement();
+ e.nextElement();
if (!sb.toString().equals("")) {
sb.append(",");
- }
+ }
sb.append(oid.toString());
}
return sb.toString();
@@ -213,11 +207,11 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_OIDS)
};
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
}
@@ -225,20 +219,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
ExtendedKeyUsageExtension ext = createExtension();
addExtension(ExtendedKeyUsageExtension.OID, ext, info);
}
public ExtendedKeyUsageExtension createExtension() {
- ExtendedKeyUsageExtension ext = null;
+ ExtendedKeyUsageExtension ext = null;
try {
ext = new ExtendedKeyUsageExtension();
} catch (Exception e) {
CMS.debug("ExtendedKeyUsageExtDefault: createExtension " +
- e.toString());
+ e.toString());
}
if (ext == null)
return null;
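Review bot: `populate` passes the result of `createExtension()` straight to `addExtension`, but `createExtension` returns null when the constructor throws, and the catch only writes a debug line. Depending on how `addExtension` treats null, the request may then proceed without the Extended Key Usage extension the profile was configured to add. Failing the request is safer than issuing without the restriction: `if (ext == null) throw new EProfileException("<project's extension-creation failure message>");`, assuming the exception has a message constructor. `GenericExtDefault.populate` further down has the same shape and dereferences the result with `ext.getExtensionId()`, which would be a NullPointerException. `createExtension` continues outside this hunk.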
@@ -250,7 +244,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
while (st.hasMoreTokens()) {
String oid = st.nextToken();
- ext.addOID(new ObjectIdentifier(oid));
+ ext.addOID(new ObjectIdentifier(oid));
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
index 13af0426..d5ac9247 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,12 +41,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates Freshest CRL extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class FreshestCRLExtDefault extends EnrollExtDefault {
@@ -61,8 +59,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
public static final String CONFIG_ENABLE = "freshestCRLPointEnable_";
public static final String VAL_CRITICAL = "freshestCRLCritical";
- public static final String VAL_CRL_DISTRIBUTION_POINTS =
- "freshestCRLPointsValue";
+ public static final String VAL_CRL_DISTRIBUTION_POINTS =
+ "freshestCRLPointsValue";
private static final String POINT_TYPE = "Point Type";
private static final String POINT_NAME = "Point Name";
@@ -78,12 +76,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
-
protected int getNumPoints() {
int num = DEF_NUM_POINTS;
String val = getConfig(CONFIG_NUM_POINTS);
@@ -103,26 +100,25 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POINTS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POINTS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POINTS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
}
super.setConfig(name, value);
}
-
public Enumeration<String> getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -149,47 +145,47 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_POINT_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
} else if (name.startsWith(CONFIG_POINT_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
} else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
} else if (name.startsWith(CONFIG_ISSUER_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POINTS)) {
return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
+ "1",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
} else {
@@ -198,39 +194,39 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
FreshestCRLExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (FreshestCRLExtension)
getExtension(FreshestCRLExtension.OID,
- info);
+ info);
- if(ext == null) {
- populate(locale,info);
+ if (ext == null) {
+ populate(locale, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ getExtension(FreshestCRLExtension.OID,
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ getExtension(FreshestCRLExtension.OID,
+ info);
Vector<NameValuePairs> v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
int i = 0;
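Review bot: `ext` can still be null when `ext.setCritical(val)` runs in the `VAL_CRITICAL` branch, because the re-fetch after `populate(locale, info)` is not checked and the private `populate` appears to add nothing when `createExtension` yields null. The `VAL_CRL_DISTRIBUTION_POINTS` branch has the same gap at `ext.isCritical()`. `ExtendedKeyUsageExtDefault.setValue` and `GenericExtDefault.setValue` guard this case after each re-fetch; adding `if (ext == null) { return; }` in both branches here would replace a NullPointerException with the behaviour the sibling classes already have. The method runs on past this hunk.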
@@ -266,7 +262,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(locale, cdp, issuerType, issuerValue);
- // this is the first distribution point
+ // this is the first distribution point
if (i == 0) {
ext = new FreshestCRLExtension(cdp);
ext.setCritical(critical);
@@ -276,100 +272,99 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
- CMS.debug("FreshestCRLExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("FreshestCRLExtDefault: setValue " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
try {
if (value == null || value.length() == 0)
return;
-
+
if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setFullName(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
} catch (GeneralNamesException e) {
- CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
}
private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
try {
if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setCRLIssuer(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: addIssuer " +
+ e.toString());
} catch (GeneralNamesException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: addIssuer " +
+ e.toString());
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
FreshestCRLExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (FreshestCRLExtension)
getExtension(FreshestCRLExtension.OID,
- info);
- if(ext == null)
- {
+ info);
+ if (ext == null) {
try {
- populate(locale,info);
+ populate(locale, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ getExtension(FreshestCRLExtension.OID,
+ info);
if (ext == null) {
return null;
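Review bot: `addIssuer` logs `IOException` and `GeneralNamesException` and then returns normally, while `addCRLPoint` directly above rethrows the same two exceptions as `EPropertyException`. A CRL issuer name that fails to parse is therefore dropped and the distribution point is kept without it, with only a debug line as evidence. Both catch blocks should end with `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", type));` so that a bad issuer value is rejected the same way a bad point name is. `getValue` at the end of this hunk continues outside it.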
@@ -379,10 +374,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ getExtension(FreshestCRLExtension.OID,
+ info);
if (ext == null)
return "";
@@ -395,7 +390,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
NameValuePairs pairs = null;
if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
+ CRLDistributionPoint p = ext.getPointAt(i);
GeneralNames gns = p.getFullName();
pairs = buildGeneralNames(gns, p);
@@ -404,10 +399,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
recs.addElement(pairs);
}
-
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -424,7 +419,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
+ throws EPropertyException {
NameValuePairs pairs = new NameValuePairs();
@@ -495,8 +490,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
getConfig(CONFIG_CRITICAL),
sb.toString());
}
@@ -505,7 +500,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
FreshestCRLExtension ext = createExtension(request);
if (ext == null)
@@ -519,14 +514,14 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- ext.setCritical(critical);
+ ext.setCritical(critical);
num = getNumPoints();
for (int i = 0; i < num; i++) {
CRLDistributionPoint cdp = new CRLDistributionPoint();
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
+ String pointType = getConfig(CONFIG_POINT_TYPE + i);
String pointName = getConfig(CONFIG_POINT_NAME + i);
String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
@@ -537,12 +532,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(getLocale(request), cdp, issuerType, issuerName);
- ext.addPoint(cdp);
+ ext.addPoint(cdp);
}
}
} catch (Exception e) {
CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
+ e.toString());
}
return ext;
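Review bot: The `catch (Exception e)` at the end of `createExtension` only logs and then falls through to `return ext`, so if a distribution point fails to build part-way through the loop the caller receives an extension holding whatever points were added before the failure. The null check in `populate` does not catch that case. Setting `ext = null;` in the catch, or rethrowing if the signature allows it, keeps a partly built Freshest CRL extension out of the certificate template. The locale-based `createExtension` in the last hunk of this file ends the same way, and the start of this method is outside the hunk.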
@@ -552,7 +547,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
FreshestCRLExtension ext = createExtension(locale);
if (ext == null)
@@ -589,7 +584,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
} catch (Exception e) {
CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
+ e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
index 4051f31a..1797091b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.util.DerOutputStream;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a Netscape comment extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class GenericExtDefault extends EnrollExtDefault {
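Review bot: The class Javadoc says this default "populates a Netscape comment extension", which looks copied from another class. The code in this file builds a plain `Extension` from a configured OID and data (`CONFIG_OID`, `CONFIG_DATA`). Suggested wording for the second line of the comment: `* that populates a generic extension, identified by a configured OID,`.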
@@ -62,13 +60,13 @@ public class GenericExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OID)) {
@@ -86,7 +84,7 @@ public class GenericExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DATA)) {
@@ -99,13 +97,13 @@ public class GenericExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
Extension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -114,28 +112,28 @@ public class GenericExtDefault extends EnrollExtDefault {
ext = (Extension)
getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
ext = (Extension)
getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_DATA)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DATA)) {
ext = (Extension)
getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
byte data[] = getBytes(value);
- ext.setExtensionValue(data);
+ ext.setExtensionValue(data);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -146,12 +144,12 @@ public class GenericExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
Extension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -160,14 +158,13 @@ public class GenericExtDefault extends EnrollExtDefault {
ext = (Extension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -185,7 +182,7 @@ public class GenericExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_DATA)) {
+ } else if (name.equals(VAL_DATA)) {
ext = (Extension)
getExtension(oid.toString(), info);
@@ -197,17 +194,17 @@ public class GenericExtDefault extends EnrollExtDefault {
if (data == null)
return "";
-
+
return toStr(data);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_OID),
getConfig(CONFIG_DATA)
};
@@ -218,10 +215,10 @@ public class GenericExtDefault extends EnrollExtDefault {
public String toStr(byte data[]) {
StringBuffer b = new StringBuffer();
for (int i = 0; i < data.length; i++) {
- if ((data[i] & 0xff) < 16) {
- b.append("0");
- }
- b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+ if ((data[i] & 0xff) < 16) {
+ b.append("0");
+ }
+ b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
}
return b.toString();
}
@@ -230,14 +227,14 @@ public class GenericExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
Extension ext = createExtension(request);
addExtension(ext.getExtensionId().toString(), ext, info);
}
public Extension createExtension(IRequest request) {
- Extension ext = null;
+ Extension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -250,13 +247,13 @@ public class GenericExtDefault extends EnrollExtDefault {
data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
}
- DerOutputStream out = new DerOutputStream();
+ DerOutputStream out = new DerOutputStream();
out.putOctetString(data);
ext = new Extension(oid, critical, out.toByteArray());
} catch (Exception e) {
- CMS.debug("GenericExtDefault: createExtension " +
- e.toString());
+ CMS.debug("GenericExtDefault: createExtension " +
+ e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
index 5bb8abd4..16a7ac40 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that shows an image in the approval page.
- *
+ *
* @version $Revision$, $Date$
*/
public class ImageDefault extends EnrollDefault {
@@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -68,12 +66,12 @@ public class ImageDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
@@ -89,19 +87,19 @@ public class ImageDefault extends EnrollDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
return null;
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" );
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index c6bbc7f7..97cfb3ff 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.math.BigInteger;
import java.util.Locale;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an inhibit Any-Policy extension
- *
+ *
* @version $Revision$, $Date$
*/
public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
@@ -61,31 +59,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_SKIP_CERTS)) {
return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
} else {
return null;
}
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_SKIP_CERTS)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
- }
+ }
}
super.setConfig(name, value);
}
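Review bot: `setConfig` accepts any value `Integer.parseInt` can read for `CONFIG_SKIP_CERTS`, including negative numbers, although RFC 5280 defines SkipCerts as `INTEGER (0..MAX)`. `FreshestCRLExtDefault.setConfig` already range-checks its numeric setting inside the try, and the same pattern fits here: `if (Integer.parseInt(value) < 0) { throw new EPropertyException(CMS.getUserMessage("CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); }`. The `new BigInteger(value)` parse in `setValue` two hunks below takes negative and arbitrarily large values in the same way, and `getValue` later reads the count back with `n.toInt()`, so the check is worth repeating there.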
@@ -93,36 +91,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_SKIP_CERTS)) {
return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
InhibitAnyPolicyExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
- if(ext == null) {
- populate(null,info);
- }
+ if (ext == null) {
+ populate(null, info);
+ }
if (name.equals(VAL_CRITICAL)) {
ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -133,7 +131,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_SKIP_CERTS)) {
ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -150,48 +148,47 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
BigInteger l = new BigInteger(value);
num = new BigInt(l);
} catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
ext = new InhibitAnyPolicyExtension(critical,
- num);
+ num);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
} catch (EProfileException e) {
CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
InhibitAnyPolicyExtension ext =
- (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ (InhibitAnyPolicyExtension)
+ getExtension(InhibitAnyPolicyExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
return null;
@@ -203,17 +200,17 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
}
} else if (name.equals(VAL_SKIP_CERTS)) {
ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ getExtension(InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
return null;
}
BigInt n = ext.getSkipCerts();
- return ""+n.toInt();
+ return "" + n.toInt();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
+ }
}
/*
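Review bot: The skipCerts value is parsed with `new BigInteger(value)` at the top of this hunk and accepted at any width, but getValue further down renders it with `n.toInt()`, so a value that does not fit an int would presumably not read back as it was set (BigInt.toInt() is not visible here, so this is inferred). Bounding it where it enters keeps the two methods consistent: `if (l.bitLength() > 31) throw new NumberFormatException();` before `num = new BigInt(l);`, which the existing `catch (Exception e)` already turns into CMS_INVALID_PROPERTY. The catch around `populate(null, info)` in getValue also drops the EProfileException without the `CMS.debug` call that setValue's handler has. The try block in setValue opens outside this hunk.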
@@ -221,20 +218,20 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
* a profile
*/
public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer();
sb.append(SKIP_CERTS + ":");
sb.append(getConfig(CONFIG_SKIP_CERTS));
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
InhibitAnyPolicyExtension ext = null;
ext = createExtension(request);
@@ -242,7 +239,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
}
public InhibitAnyPolicyExtension createExtension(IRequest request)
- throws EProfileException {
+ throws EProfileException {
InhibitAnyPolicyExtension ext = null;
boolean critical = Boolean.valueOf(
@@ -259,7 +256,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
val = new BigInt(b);
} catch (NumberFormatException e) {
throw new EProfileException(
- CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
+ CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
}
try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
index 40bd4876..e2355dc6 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a issuer alternative name extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class IssuerAltNameExtDefault extends EnrollExtDefault {
@@ -67,25 +65,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_TYPE)) {
return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
"RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
} else if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
} else {
return null;
}
@@ -93,11 +91,11 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
@@ -106,13 +104,13 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
IssuerAlternativeNameExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -120,20 +118,19 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
(IssuerAlternativeNameExtension)
getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext =
+ ext =
(IssuerAlternativeNameExtension)
getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
@@ -145,7 +142,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
+ ext =
(IssuerAlternativeNameExtension)
getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
@@ -166,34 +163,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
GeneralNameInterface n = parseGeneralName(gname);
if (n != null) {
- gn.addElement(n);
+ gn.addElement(n);
}
}
ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(
- PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ ext, info);
} catch (IOException e) {
CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -201,23 +198,22 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
(IssuerAlternativeNameExtension)
getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext =
+ (IssuerAlternativeNameExtension)
+ getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
if (ext == null) {
return null;
@@ -228,16 +224,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ ext =
+ (IssuerAlternativeNameExtension)
+ getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ if (ext == null) {
return "";
}
GeneralNames names = (GeneralNames)
- ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
+ ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
StringBuffer sb = new StringBuffer();
Enumeration<GeneralNameInterface> e = names.elements();
@@ -246,17 +241,17 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
if (!sb.toString().equals("")) {
sb.append("\r\n");
- }
+ }
sb.append(toGeneralNameString(gn));
}
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: getValue " +
- e.toString());
+ CMS.debug("IssuerAltNameExtDefault: getValue " +
+ e.toString());
}
return null;
}
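Review bot: The `catch (IOException e)` at the end of getValue only logs and falls through to `return null`, so a caller cannot tell a failed read of the issuer alternative names from an absent value. setValue in this file and KeyUsageExtDefault.getValue both convert the same exception into an EPropertyException. Adding `throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));` after the `CMS.debug` call would make the failure visible here too. getValue begins outside this hunk.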
@@ -275,7 +270,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
IssuerAlternativeNameExtension ext = null;
try {
@@ -284,35 +279,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
} catch (IOException e) {
CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
}
- addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ ext, info);
}
- public IssuerAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- IssuerAlternativeNameExtension ext = null;
+ public IssuerAlternativeNameExtension createExtension(IRequest request)
+ throws IOException {
+ IssuerAlternativeNameExtension ext = null;
try {
ext = new IssuerAlternativeNameExtension();
} catch (Exception e) {
CMS.debug(e.toString());
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
+ getConfig(CONFIG_CRITICAL)).booleanValue();
String pattern = getConfig(CONFIG_PATTERN);
if (!pattern.equals("")) {
- GeneralNames gn = new GeneralNames();
+ GeneralNames gn = new GeneralNames();
String gname = "";
- if(request != null) {
+ if (request != null) {
gname = mapPattern(request, pattern);
}
gn.addElement(parseGeneralName(
- getConfig(CONFIG_TYPE) + ":" + gname));
+ getConfig(CONFIG_TYPE) + ":" + gname));
ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
}
ext.setCritical(critical);
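Review bot: populate() catches the IOException, logs it through `CMS.debug`, and then still calls `addExtension(...)` with `ext`, which is presumably still null on that path, so a profile default that fails to build is dropped from the certificate template without the request failing. Since populate already declares EProfileException, the catch could end with `throw new EProfileException(e.toString());`. In createExtension, `gn.addElement(parseGeneralName(...))` also lacks the `if (n != null)` guard that setValue applies to the same call. The same log-and-return-null pattern appears in KeyUsageExtDefault.createKeyUsageExtension and NSCCommentExtDefault.createExtension, where NSCCommentExtDefault.populate then dereferences the result with `ext.getExtensionId()`. The try block in populate opens outside this hunk.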
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
index c8ed9281..1bfda9ad 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,25 +33,24 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a Key Usage extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtDefault extends EnrollExtDefault {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
- public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String CONFIG_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -60,14 +58,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
public static final String VAL_CRITICAL = "keyUsageCritical";
- public static final String VAL_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String VAL_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String VAL_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String VAL_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String VAL_DIGITAL_SIGNATURE =
+ "keyUsageDigitalSignature";
+ public static final String VAL_NON_REPUDIATION =
+ "keyUsageNonRepudiation";
+ public static final String VAL_KEY_ENCIPHERMENT =
+ "keyUsageKeyEncipherment";
+ public static final String VAL_DATA_ENCIPHERMENT =
+ "keyUsageDataEncipherment";
public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
@@ -100,21 +98,21 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(CONFIG_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
@@ -152,15 +150,15 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(VAL_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
@@ -197,158 +195,157 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
KeyUsageExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
ext.setCritical(val);
- } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
} else if (name.equals(VAL_NON_REPUDIATION)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.NON_REPUDIATION, val);
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
} else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
} else if (name.equals(VAL_KEY_AGREEMENT)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
} else if (name.equals(VAL_KEY_CERTSIGN)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
} else if (name.equals(VAL_CRL_SIGN)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.CRL_SIGN, val);
} else if (name.equals(VAL_ENCIPHER_ONLY)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
} else if (name.equals(VAL_DECIPHER_ONLY)) {
ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
} catch (IOException e) {
CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
KeyUsageExtension ext = (KeyUsageExtension)
getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
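Review bot: Every key-usage branch in setValue parses the submitted string with `Boolean.valueOf(value)`, which maps anything other than "true" to false, so a mistyped or empty value silently clears a bit such as keyCertSign or crlSign instead of being rejected. A check ahead of the branch chain, `if (!"true".equalsIgnoreCase(value) && !"false".equalsIgnoreCase(value)) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`, would report it the way an unknown name already is. The branches also `return` without error when the extension is still null after `populate(null, info)`, so the caller gets no signal that nothing was set. The hunk ends inside getValue.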
@@ -360,117 +357,117 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
}
} else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
+ ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
return val.toString();
} else if (name.equals(VAL_NON_REPUDIATION)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.NON_REPUDIATION);
+ ext.get(KeyUsageExtension.NON_REPUDIATION);
return val.toString();
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
+ ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
return val.toString();
} else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
+ ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
return val.toString();
} else if (name.equals(VAL_KEY_AGREEMENT)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_AGREEMENT);
+ ext.get(KeyUsageExtension.KEY_AGREEMENT);
return val.toString();
} else if (name.equals(VAL_KEY_CERTSIGN)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_CERTSIGN);
+ ext.get(KeyUsageExtension.KEY_CERTSIGN);
return val.toString();
} else if (name.equals(VAL_CRL_SIGN)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.CRL_SIGN);
+ ext.get(KeyUsageExtension.CRL_SIGN);
return val.toString();
} else if (name.equals(VAL_ENCIPHER_ONLY)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.ENCIPHER_ONLY);
+ ext.get(KeyUsageExtension.ENCIPHER_ONLY);
return val.toString();
} else if (name.equals(VAL_DECIPHER_ONLY)) {
ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DECIPHER_ONLY);
+ ext.get(KeyUsageExtension.DECIPHER_ONLY);
return val.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_DIGITAL_SIGNATURE),
- getConfig(CONFIG_NON_REPUDIATION),
- getConfig(CONFIG_KEY_ENCIPHERMENT),
- getConfig(CONFIG_DATA_ENCIPHERMENT),
- getConfig(CONFIG_KEY_AGREEMENT),
- getConfig(CONFIG_KEY_CERTSIGN),
- getConfig(CONFIG_CRL_SIGN),
- getConfig(CONFIG_ENCIPHER_ONLY),
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_DIGITAL_SIGNATURE),
+ getConfig(CONFIG_NON_REPUDIATION),
+ getConfig(CONFIG_KEY_ENCIPHERMENT),
+ getConfig(CONFIG_DATA_ENCIPHERMENT),
+ getConfig(CONFIG_KEY_AGREEMENT),
+ getConfig(CONFIG_KEY_CERTSIGN),
+ getConfig(CONFIG_CRL_SIGN),
+ getConfig(CONFIG_ENCIPHER_ONLY),
getConfig(CONFIG_DECIPHER_ONLY)
};
@@ -482,14 +479,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
KeyUsageExtension ext = createKeyUsageExtension();
addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
}
public KeyUsageExtension createKeyUsageExtension() {
- KeyUsageExtension ext = null;
+ KeyUsageExtension ext = null;
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -506,8 +503,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
try {
ext = new KeyUsageExtension(critical, bits);
} catch (Exception e) {
- CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
- e.toString());
+ CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
+ e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
index 01e92d6a..cc96f3e9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a Netscape comment extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class NSCCommentExtDefault extends EnrollExtDefault {
@@ -60,13 +58,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_COMMENT)) {
@@ -80,7 +78,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_COMMENT)) {
@@ -93,13 +91,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
NSCCommentExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -108,8 +106,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
ext = (NSCCommentExtension)
getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
@@ -118,27 +116,27 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
getExtension(oid.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if (ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_COMMENT)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_COMMENT)) {
ext = (NSCCommentExtension)
getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
if (value == null || value.equals(""))
ext = new NSCCommentExtension(critical, "");
- // throw new EPropertyException(name+" cannot be empty");
+ // throw new EPropertyException(name+" cannot be empty");
else
ext = new NSCCommentExtension(critical, value);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
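Review bot: The unbraced `if`/`else` that rebuilds the comment extension has a commented-out `throw` sitting between its two arms, which makes the statement easy to misread and easy to break when editing. Both arms build the same object, so it can be written as `ext = new NSCCommentExtension(critical, value == null ? "" : value);` and the dead comment removed. setValue starts before this hunk and continues past it.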
@@ -151,12 +149,12 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
NSCCommentExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -165,14 +163,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
ext = (NSCCommentExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -190,7 +187,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_COMMENT)) {
+ } else if (name.equals(VAL_COMMENT)) {
ext = (NSCCommentExtension)
getExtension(oid.toString(), info);
@@ -202,17 +199,17 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
if (comment == null)
comment = "";
-
+
return comment;
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_COMMENT)
};
@@ -223,14 +220,14 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NSCCommentExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public NSCCommentExtension createExtension() {
- NSCCommentExtension ext = null;
+ NSCCommentExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -241,8 +238,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
else
ext = new NSCCommentExtension(critical, comment);
} catch (Exception e) {
- CMS.debug("NSCCommentExtension: createExtension " +
- e.toString());
+ CMS.debug("NSCCommentExtension: createExtension " +
+ e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
index e3438ccf..0677ef69 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -33,12 +32,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a Netscape Certificate Type extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class NSCertTypeExtDefault extends EnrollExtDefault {
@@ -83,11 +81,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
@@ -127,7 +125,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_SSL_CLIENT)) {
@@ -135,7 +133,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
} else if (name.equals(VAL_SSL_SERVER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
} else if (name.equals(VAL_EMAIL)) {
@@ -155,7 +153,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
} else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
} else {
@@ -164,8 +162,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
NSCertTypeExtension ext = null;
@@ -174,12 +172,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
locale, "CMS_INVALID_PROPERTY", name));
}
-
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
@@ -187,69 +184,69 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_SSL_CLIENT)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_SSL_CLIENT)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_CLIENT, val);
- } else if (name.equals(VAL_SSL_SERVER)) {
+ } else if (name.equals(VAL_SSL_SERVER)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_SERVER, val);
- } else if (name.equals(VAL_EMAIL)) {
+ } else if (name.equals(VAL_EMAIL)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.EMAIL, val);
- } else if (name.equals(VAL_OBJECT_SIGNING)) {
+ } else if (name.equals(VAL_OBJECT_SIGNING)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.OBJECT_SIGNING, val);
- } else if (name.equals(VAL_SSL_CA)) {
+ } else if (name.equals(VAL_SSL_CA)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_CA, val);
- } else if (name.equals(VAL_EMAIL_CA)) {
+ } else if (name.equals(VAL_EMAIL_CA)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.EMAIL_CA, val);
- } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
+ } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
@@ -266,31 +263,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
NSCertTypeExtension ext = (NSCertTypeExtension)
getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
@@ -300,63 +296,63 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_SSL_CLIENT)) {
+ } else if (name.equals(VAL_SSL_CLIENT)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT);
return val.toString();
- } else if (name.equals(VAL_SSL_SERVER)) {
+ } else if (name.equals(VAL_SSL_SERVER)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER);
return val.toString();
- } else if (name.equals(VAL_EMAIL)) {
+ } else if (name.equals(VAL_EMAIL)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL);
return val.toString();
- } else if (name.equals(VAL_OBJECT_SIGNING)) {
+ } else if (name.equals(VAL_OBJECT_SIGNING)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING);
return val.toString();
- } else if (name.equals(VAL_SSL_CA)) {
+ } else if (name.equals(VAL_SSL_CA)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA);
return val.toString();
- } else if (name.equals(VAL_EMAIL_CA)) {
+ } else if (name.equals(VAL_EMAIL_CA)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA);
return val.toString();
- } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
+ } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
@@ -364,7 +360,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
return val.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (CertificateException e) {
@@ -375,13 +371,13 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_SSL_CLIENT),
- getConfig(CONFIG_SSL_SERVER),
- getConfig(CONFIG_EMAIL),
- getConfig(CONFIG_OBJECT_SIGNING),
- getConfig(CONFIG_SSL_CA),
- getConfig(CONFIG_EMAIL_CA),
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_SSL_CLIENT),
+ getConfig(CONFIG_SSL_SERVER),
+ getConfig(CONFIG_EMAIL),
+ getConfig(CONFIG_OBJECT_SIGNING),
+ getConfig(CONFIG_SSL_CA),
+ getConfig(CONFIG_EMAIL_CA),
getConfig(CONFIG_OBJECT_SIGNING_CA)
};
@@ -393,14 +389,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NSCertTypeExtension ext = createExtension();
addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
}
public NSCertTypeExtension createExtension() {
- NSCertTypeExtension ext = null;
+ NSCertTypeExtension ext = null;
boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -415,8 +411,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
try {
ext = new NSCertTypeExtension(critical, bits);
} catch (Exception e) {
- CMS.debug("NSCertTypeExtDefault: createExtension " +
- e.toString());
+ CMS.debug("NSCertTypeExtDefault: createExtension " +
+ e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
index 7776238a..c513c332 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -41,25 +40,24 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a name constraint extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class NameConstraintsExtDefault extends EnrollExtDefault {
public static final String CONFIG_CRITICAL = "nameConstraintsCritical";
- public static final String CONFIG_NUM_PERMITTED_SUBTREES =
- "nameConstraintsNumPermittedSubtrees";
+ public static final String CONFIG_NUM_PERMITTED_SUBTREES =
+ "nameConstraintsNumPermittedSubtrees";
public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_";
public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_";
public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_";
public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_";
public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_";
-
+
public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees";
public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_";
public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_";
@@ -87,7 +85,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
@@ -128,41 +126,40 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
return num;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value)
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
- }
- } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
+ }
+ } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
try {
- num = Integer.parseInt(value);
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
- }
+ }
}
super.setConfig(name, value);
}
-
public Enumeration<String> getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -203,50 +200,49 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
} else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
} else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) {
@@ -255,23 +251,23 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
} else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) {
return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
+ "1",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
}
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_PERMITTED_SUBTREES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES"));
} else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES"));
} else {
@@ -280,21 +276,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
NameConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (NameConstraintsExtension)
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
@@ -302,19 +298,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
ext = (NameConstraintsExtension)
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
if ((value == null) || (value.equals("null")) || (value.equals(""))) {
- CMS.debug("NameConstraintsExtDefault:setValue : " +
+ CMS.debug("NameConstraintsExtDefault:setValue : " +
"blank value for permitted subtrees ... returning");
return;
}
@@ -323,17 +319,17 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v);
- ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
- new GeneralSubtrees(permittedSubtrees));
+ ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
+ new GeneralSubtrees(permittedSubtrees));
} else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
ext = (NameConstraintsExtension)
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
if ((value == null) || (value.equals("null")) || (value.equals(""))) {
- CMS.debug("NameConstraintsExtDefault:setValue : " +
+ CMS.debug("NameConstraintsExtDefault:setValue : " +
"blank value for excluded subtrees ... returning");
return;
}
@@ -341,21 +337,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v);
- ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
- new GeneralSubtrees(excludedSubtrees));
+ ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
+ new GeneralSubtrees(excludedSubtrees));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
} catch (IOException e) {
CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -385,16 +381,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
} else if (name1.equals(MAX_VALUE)) {
maxS = nvps.getValue(name1);
}
- }
+ }
if (choice == null || choice.length() == 0) {
throw new EPropertyException(CMS.getUserMessage(locale,
"CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
}
-
+
if (val == null)
val = "";
-
+
int min = 0;
int max = -1;
@@ -410,7 +406,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
gnI = parseGeneralName(choice + ":" + val);
} catch (IOException e) {
CMS.debug("NameConstraintsExtDefault: createSubtress " +
- e.toString());
+ e.toString());
}
if (gnI != null) {
@@ -423,32 +419,31 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
gn, min, max);
subtrees.addElement(subtree);
- }
+ }
return subtrees;
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
NameConstraintsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -465,7 +460,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
+ } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
ext = (NameConstraintsExtension)
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
@@ -475,19 +470,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtrees subtrees = null;
try {
- subtrees = (GeneralSubtrees)
+ subtrees = (GeneralSubtrees)
ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
} catch (IOException e) {
CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
}
- if( subtrees == null ) {
- CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" );
- throw new EPropertyException( "subtrees is null" );
+ if (subtrees == null) {
+ CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!");
+ throw new EPropertyException("subtrees is null");
}
return getSubtreesInfo(ext, subtrees);
- } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
+ } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
ext = (NameConstraintsExtension)
getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
@@ -497,26 +492,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtrees subtrees = null;
try {
- subtrees = (GeneralSubtrees)
+ subtrees = (GeneralSubtrees)
ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
} catch (IOException e) {
CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
}
- if( subtrees == null ) {
- CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" );
- throw new EPropertyException( "subtrees is null" );
+ if (subtrees == null) {
+ CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!");
+ throw new EPropertyException("subtrees is null");
}
return getSubtreesInfo(ext, subtrees);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
- private String getSubtreesInfo(NameConstraintsExtension ext,
- GeneralSubtrees subtrees) throws EPropertyException {
+ private String getSubtreesInfo(NameConstraintsExtension ext,
+ GeneralSubtrees subtrees) throws EPropertyException {
Vector<GeneralSubtree> trees = subtrees.getSubtrees();
int size = trees.size();
@@ -526,8 +521,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i);
GeneralName gn = tree.getGeneralName();
- String type = getGeneralNameType(gn);
- int max = tree.getMaxValue();
+ String type = getGeneralNameType(gn);
+ int max = tree.getMaxValue();
int min = tree.getMinValue();
NameValuePairs pairs = new NameValuePairs();
@@ -540,7 +535,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
recs.addElement(pairs);
}
-
+
return buildRecords(recs);
}
@@ -583,8 +578,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
getConfig(CONFIG_CRITICAL), sb.toString());
}
@@ -592,14 +587,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NameConstraintsExtension ext = createExtension();
addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
}
public NameConstraintsExtension createExtension() {
- NameConstraintsExtension ext = null;
+ NameConstraintsExtension ext = null;
try {
int num = getNumPermitted();
@@ -637,18 +632,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
}
- ext = new NameConstraintsExtension(critical,
+ ext = new NameConstraintsExtension(critical,
new GeneralSubtrees(v), new GeneralSubtrees(v1));
} catch (Exception e) {
- CMS.debug("NameConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("NameConstraintsExtDefault: createExtension " +
+ e.toString());
}
return ext;
}
- private GeneralSubtree createSubtree(String choice, String value,
- String minS, String maxS) {
+ private GeneralSubtree createSubtree(String choice, String value,
+ String minS, String maxS) {
GeneralName gn = null;
GeneralNameInterface gnI = null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
index 283f5083..8197d3de 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements no default policy.
- *
+ *
* @version $Revision$, $Date$
*/
-public class NoDefault implements IPolicyDefault {
+public class NoDefault implements IPolicyDefault {
public static final String PROP_NAME = "name";
@@ -55,7 +53,7 @@ public class NoDefault implements IPolicyDefault {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
}
public String getDefaultConfig(String name) {
@@ -67,7 +65,7 @@ public class NoDefault implements IPolicyDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -79,7 +77,7 @@ public class NoDefault implements IPolicyDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
public Enumeration getValueNames() {
@@ -90,9 +88,9 @@ public class NoDefault implements IPolicyDefault {
return null;
}
- public void setValue(String name, Locale locale, IRequest request,
- String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, IRequest request,
+ String value)
+ throws EPropertyException {
}
public String getValue(String name, Locale locale, IRequest request) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
index 28a25a6e..382f3cec 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.extensions.OCSPNoCheckExtension;
@@ -32,12 +31,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates an OCSP No Check extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class OCSPNoCheckExtDefault extends EnrollExtDefault {
@@ -53,13 +51,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else {
@@ -69,7 +67,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else {
@@ -78,70 +76,67 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
getExtension(OCSPNoCheckExtension.OID, info);
-
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ getExtension(OCSPNoCheckExtension.OID, info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
- return;
+ if (ext == null) {
+ return;
}
ext.setCritical(val);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
getExtension(OCSPNoCheckExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ getExtension(OCSPNoCheckExtension.OID, info);
if (ext == null) {
return null;
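Review bot: In both setValue and getValue, the `catch (EProfileException e)` around `populate(null, info)` discards the exception without logging it and reports the failure as `CMS_INVALID_PROPERTY`, so a failure to build the extension is indistinguishable from a bad property name. I would log before rethrowing, in the style already used by the sibling classes: `CMS.debug("OCSPNoCheckExtDefault: setValue " + e.toString());`. setValue also returns silently when `ext` is still null after populate, so a request to change criticality can be dropped with no trace; a debug line there would help. getValue continues outside this hunk.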
@@ -152,7 +147,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
return "false";
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -166,20 +161,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
OCSPNoCheckExtension ext = createExtension();
addExtension(OCSPNoCheckExtension.OID, ext, info);
}
public OCSPNoCheckExtension createExtension() {
- OCSPNoCheckExtension ext = null;
+ OCSPNoCheckExtension ext = null;
try {
ext = new OCSPNoCheckExtension();
} catch (Exception e) {
CMS.debug("OCSPNoCheckExtDefault: createExtension " +
- e.toString());
+ e.toString());
return null;
}
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
index 9a36f0cd..db9b95a0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a policy constraints extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class PolicyConstraintsExtDefault extends EnrollExtDefault {
@@ -64,17 +62,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
} else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
@@ -87,11 +85,11 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
+ return new Descriptor(IDescriptor.INTEGER, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
} else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
@@ -103,104 +101,103 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
PolicyConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (PolicyConstraintsExtension)
getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if(ext == null) {
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
+
+ if (ext == null) {
return;
- }
+ }
Integer num = new Integer(value);
ext.set(PolicyConstraintsExtension.REQUIRE, num);
- } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
+ } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
- if(ext == null) {
+ if (ext == null) {
return;
}
Integer num = new Integer(value);
ext.set(PolicyConstraintsExtension.INHIBIT, num);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
PolicyConstraintsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (PolicyConstraintsExtension)
getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
- if(ext == null)
- {
+ info);
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
if (ext == null) {
return null;
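Review bot: In setValue, `new Integer(value)` in the VAL_REQ_EXPLICIT_POLICY and VAL_INHIBIT_POLICY_MAPPING branches throws NumberFormatException on non-numeric input, and the method only catches EProfileException and IOException. A malformed value therefore escapes as an unchecked exception instead of the declared EPropertyException. Add a third clause, `} catch (NumberFormatException e) {`, that logs through CMS.debug and throws the same `CMS_INVALID_PROPERTY` EPropertyException as the other two. Negative numbers are also accepted here; whether PolicyConstraintsExtension rejects them is not visible, so a range check before `ext.set(...)` is worth considering. getValue, which begins in this hunk, continues outside it.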
@@ -210,10 +207,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
+ } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -223,8 +220,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
return "" + num;
} else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -233,15 +230,15 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
return "" + num;
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_REQ_EXPLICIT_POLICY),
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_REQ_EXPLICIT_POLICY),
getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
};
@@ -252,17 +249,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PolicyConstraintsExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+ ext, info);
}
public PolicyConstraintsExtension createExtension() {
- PolicyConstraintsExtension ext = null;
+ PolicyConstraintsExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
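Review bot: populate fails open: when createExtension() returns null, `if (ext == null) return;` lets enrollment continue with no policy constraints extension in the certificate template. createExtension catches every Exception and only writes a CMS.debug line (visible in the next hunk), so a bad profile configuration can silently drop the constraint. I would raise an EProfileException here instead of returning, or at minimum log that the extension was omitted. PolicyMappingsExtDefault.populate in the `@@ -377,24 +374,24 @@` hunk has the same pattern. createExtension continues outside this hunk.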
@@ -281,8 +278,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
}
ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
} catch (Exception e) {
- CMS.debug("PolicyConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("PolicyConstraintsExtDefault: createExtension " +
+ e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
index 05899e2c..183ef87b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a policy mappings extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class PolicyMappingsExtDefault extends EnrollExtDefault {
@@ -85,27 +83,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value)
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_MAPPINGS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_MAPPINGS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
+ }
}
super.setConfig(name, value);
}
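Review bot: In setConfig the `catch (Exception e)` also encloses the `throw new EPropertyException(...)` for the range check, so that exception is caught and re-created by the handler. The result is the same message, but the control flow is misleading, and any other runtime failure is reported as an invalid property too. Narrow the handler to the one failure `Integer.parseInt` can produce, `} catch (NumberFormatException e) {`, and move the `num >= MAX_NUM_MAPPINGS || num < 0` check after the try block.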
@@ -132,7 +130,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
@@ -151,8 +149,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
+ "1",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
}
return null;
@@ -160,7 +158,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DOMAINS)) {
@@ -172,43 +170,43 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
PolicyMappingsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (PolicyMappingsExtension)
getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_DOMAINS)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DOMAINS)) {
ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if(ext == null) {
+ getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+ info);
+
+ if (ext == null) {
return;
- }
+ }
Vector<NameValuePairs> v = parseRecords(value);
int size = v.size();
@@ -232,12 +230,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
enable = nvps.getValue(name1);
}
}
-
+
if (enable != null && enable.equals("true")) {
- if (issuerPolicyId == null ||
- issuerPolicyId.length() == 0 || subjectPolicyId == null ||
- subjectPolicyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
+ if (issuerPolicyId == null ||
+ issuerPolicyId.length() == 0 || subjectPolicyId == null ||
+ subjectPolicyId.length() == 0)
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
CertificatePolicyMap map = new CertificatePolicyMap(
new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
@@ -248,52 +246,51 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
ext.set(PolicyMappingsExtension.MAP, policyMaps);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
PolicyMappingsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (PolicyMappingsExtension)
getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
- if(ext == null)
- {
+ info);
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -303,10 +300,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_DOMAINS)) {
+ } else if (name.equals(VAL_DOMAINS)) {
ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -314,7 +311,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
int num_mappings = getNumMappings();
Enumeration<CertificatePolicyMap> maps = ext.getMappings();
-
+
int num = 0;
StringBuffer sb = new StringBuffer();
@@ -323,12 +320,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
for (int i = 0; i < num_mappings; i++) {
NameValuePairs pairs = new NameValuePairs();
- if (maps.hasMoreElements()) {
- CertificatePolicyMap map =
- (CertificatePolicyMap) maps.nextElement();
-
+ if (maps.hasMoreElements()) {
+ CertificatePolicyMap map =
+ (CertificatePolicyMap) maps.nextElement();
+
CertificatePolicyId i1 = map.getIssuerIdentifier();
- CertificatePolicyId s1 = map.getSubjectIdentifier();
+ CertificatePolicyId s1 = map.getSubjectIdentifier();
pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString());
pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
@@ -337,14 +334,14 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
pairs.add(ISSUER_POLICY_ID, "");
pairs.add(SUBJECT_POLICY_ID, "");
pairs.add(POLICY_ID_ENABLE, "false");
-
+
}
recs.addElement(pairs);
- }
-
+ }
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -368,8 +365,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
getConfig(CONFIG_CRITICAL), sb.toString());
}
@@ -377,24 +374,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PolicyMappingsExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+ ext, info);
}
public PolicyMappingsExtension createExtension() {
- PolicyMappingsExtension ext = null;
+ PolicyMappingsExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
int num = getNumMappings();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
String enable = getConfig(CONFIG_ENABLE + i);
if (enable != null && enable.equals("true")) {
@@ -420,8 +417,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
ext = new PolicyMappingsExtension(critical, policyMaps);
} catch (Exception e) {
- CMS.debug("PolicyMappingsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("PolicyMappingsExtDefault: createExtension " +
+ e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
index f1a71ff9..20285567 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Date;
@@ -37,12 +36,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a Private Key Usage Period extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
@@ -70,13 +68,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_START_TIME)) {
@@ -93,28 +91,28 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ }
} else if (name.equals(CONFIG_DURATION)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_DURATION));
- }
+ }
}
super.setConfig(name, value);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_NOT_BEFORE)) {
@@ -131,13 +129,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
PrivateKeyUsageExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -146,8 +144,8 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
@@ -156,38 +154,38 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
getExtension(oid.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if (ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
+ ext.setCritical(val);
+ } else if (name.equals(VAL_NOT_BEFORE)) {
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
+ ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
+ } else if (name.equals(VAL_NOT_AFTER)) {
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
+ ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
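Review bot: In the VAL_NOT_BEFORE and VAL_NOT_AFTER branches, `formatter.parse(value, pos)` returns null on unparseable input rather than throwing, and the result is passed straight to `ext.set(...)`. A malformed date therefore reaches the extension as a null Date instead of being rejected. Add a guard after each parse: `if (date == null) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. Nothing visible here checks that notBefore precedes notAfter either, which is worth a comment or a check. setValue starts before this hunk and continues after it.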
@@ -200,12 +198,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
PrivateKeyUsageExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -214,14 +212,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -239,9 +236,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ } else if (name.equals(VAL_NOT_BEFORE)) {
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
@@ -250,9 +247,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
return "";
return formatter.format(ext.getNotBefore());
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ } else if (name.equals(VAL_NOT_AFTER)) {
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ext = (PrivateKeyUsageExtension)
getExtension(oid.toString(), info);
@@ -262,14 +259,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
return formatter.format(ext.getNotAfter());
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
String params[] = {
- getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_START_TIME),
getConfig(CONFIG_DURATION)
};
@@ -281,14 +278,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PrivateKeyUsageExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public PrivateKeyUsageExtension createExtension() {
- PrivateKeyUsageExtension ext = null;
+ PrivateKeyUsageExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -296,12 +293,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
- if (startTimeStr == null || startTimeStr.equals("")) {
- startTimeStr = "60";
- }
- int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() +
- (1000 * startTime));
+ if (startTimeStr == null || startTimeStr.equals("")) {
+ startTimeStr = "60";
+ }
+ int startTime = Integer.parseInt(startTimeStr);
+ Date notBefore = new Date(CMS.getCurrentDate().getTime() +
+ (1000 * startTime));
long notAfterVal = 0;
notAfterVal = notBefore.getTime() +
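Review bot: `(1000 * startTime)` is evaluated in `int`, so a configured start time above 2147483 seconds (about 24 days) wraps around and can place notBefore in the past. Widen the multiplication: `Date notBefore = new Date(CMS.getCurrentDate().getTime() + 1000L * startTime);`. Negative values from `Integer.parseInt` are accepted too and should be rejected before the date is built. The `// always + 60 seconds` comment no longer describes a configurable value and could read `// defaults to now + 60 seconds when startTime is unset`. createExtension starts and ends outside this hunk.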
@@ -309,10 +306,10 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
Date notAfter = new Date(notAfterVal);
ext = new PrivateKeyUsageExtension(notBefore, notAfter);
- ext.setCritical(critical);
+ ext.setCritical(critical);
} catch (Exception e) {
- CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
- e.toString());
+ CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
+ e.toString());
}
return ext;
}
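Review bot: The `catch (Exception e)` here only logs and then falls through to `return ext;` with `ext` still null, while `populate()` in the previous hunk calls `ext.getExtensionId()` without a check. A malformed start time or duration in the profile configuration therefore surfaces as a NullPointerException instead of an EProfileException. Guard the caller with `if (ext == null) throw new EProfileException("PrivateKeyUsagePeriodExt: cannot create extension");` before `addExtension(...)`. `SigningAlgDefault.populate()` further down has the same log-only catch around `info.set(X509CertInfo.ALGORITHM_ID, ...)`, so a failure there is never reported to the caller.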
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
index 4bca9350..11da93fc 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.AlgorithmId;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a signing algorithm
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class SigningAlgDefault extends EnrollDefault {
@@ -47,8 +45,8 @@ public class SigningAlgDefault extends EnrollDefault {
public static final String CONFIG_ALGORITHM = "signingAlg";
public static final String VAL_ALGORITHM = "signingAlg";
- public static final String DEF_CONFIG_ALGORITHMS =
- "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
+ public static final String DEF_CONFIG_ALGORITHMS =
+ "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
public SigningAlgDefault() {
super();
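Review bot: `DEF_CONFIG_ALGORITHMS` still offers `MD5withRSA` and `MD2withRSA`, both collision-broken digests that should not be selectable for certificate signatures, and `SHA1withRSA` is deprecated for the same use. The later `getDefSigningAlgorithms()` builds its list from `ca.getCASigningAlgorithms()` instead, so this constant may be dead; if it is still consulted, trim it to `"-,SHA256withRSA,SHA512withRSA"`. Otherwise add a comment such as `// legacy list, not used for validation; see getDefSigningAlgorithms()`. Changing the value may affect existing profiles that name the old algorithms, so check it against deployed configurations first.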
@@ -57,7 +55,7 @@ public class SigningAlgDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -68,41 +66,39 @@ public class SigningAlgDefault extends EnrollDefault {
CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
} else {
return null;
- }
+ }
}
- public String getSigningAlg()
- {
- String signingAlg = getConfig(CONFIG_ALGORITHM);
- // if specified, use the specified one. Otherwise, pick
- // the best selection for the user
- if (signingAlg == null || signingAlg.equals("") ||
- signingAlg.equals("-")) {
- // best pick for the user
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- return ca.getDefaultAlgorithm();
- } else {
- return signingAlg;
- }
+ public String getSigningAlg() {
+ String signingAlg = getConfig(CONFIG_ALGORITHM);
+ // if specified, use the specified one. Otherwise, pick
+ // the best selection for the user
+ if (signingAlg == null || signingAlg.equals("") ||
+ signingAlg.equals("-")) {
+ // best pick for the user
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ return ca.getDefaultAlgorithm();
+ } else {
+ return signingAlg;
+ }
}
- public String getDefSigningAlgorithms()
- {
- StringBuffer allowed = new StringBuffer();
- ICertificateAuthority ca = (ICertificateAuthority)
+ public String getDefSigningAlgorithms() {
+ StringBuffer allowed = new StringBuffer();
+ ICertificateAuthority ca = (ICertificateAuthority)
CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- String algos[] = ca.getCASigningAlgorithms();
- for (int i = 0; i < algos.length; i++) {
- if (allowed.length()== 0) {
- allowed.append(algos[i]);
- } else {
- allowed.append(",");
- allowed.append(algos[i]);
+ String algos[] = ca.getCASigningAlgorithms();
+ for (int i = 0; i < algos.length; i++) {
+ if (allowed.length() == 0) {
+ allowed.append(algos[i]);
+ } else {
+ allowed.append(",");
+ allowed.append(algos[i]);
+ }
}
- }
- return allowed.toString();
- }
+ return allowed.toString();
+ }
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_ALGORITHM)) {
@@ -115,31 +111,31 @@ public class SigningAlgDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_ALGORITHM)) {
try {
info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId(value)));
+ new CertificateAlgorithmId(
+ AlgorithmId.getAlgorithmId(value)));
} catch (Exception e) {
CMS.debug("SigningAlgDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException("Invalid name " + name);
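Review bot: `setValue` hands `value` straight to `AlgorithmId.getAlgorithmId(value)` and writes the result into the certificate template; nothing in this hunk compares it with the CA's allowed list from `getDefSigningAlgorithms()`. If a separate profile constraint is what rejects weak or unsupported algorithms, say so above the `try`, e.g. `// value is not validated here; the signing-algorithm constraint must reject disallowed algorithms`. Separately, the `name == null` branch of `getValue` builds its own `"Invalid name " + name` string, while every other branch uses `CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name)`; the localized form would keep the two methods consistent. getValue continues outside the hunk.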
@@ -151,23 +147,23 @@ public class SigningAlgDefault extends EnrollDefault {
algId = (CertificateAlgorithmId)
info.get(X509CertInfo.ALGORITHM_ID);
AlgorithmId id = (AlgorithmId)
- algId.get(CertificateAlgorithmId.ALGORITHM);
+ algId.get(CertificateAlgorithmId.ALGORITHM);
return id.toString();
} catch (Exception e) {
CMS.debug("SigningAlgDefault: getValue " + e.toString());
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
getSigningAlg());
}
@@ -175,11 +171,11 @@ public class SigningAlgDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
try {
info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId(getSigningAlg())));
+ new CertificateAlgorithmId(
+ AlgorithmId.getAlgorithmId(getSigningAlg())));
} catch (Exception e) {
CMS.debug("SigningAlgDefault: populate " + e.toString());
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
index 8adc94dc..7713e114 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,12 +41,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a subject alternative name extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectAltNameExtDefault extends EnrollExtDefault {
@@ -90,70 +88,69 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
if (num >= MAX_NUM_GN)
- num = DEF_NUM_GN;
+ num = DEF_NUM_GN;
return num;
}
-
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
- super.init(profile,config);
- refreshConfigAndValueNames();
+ super.init(profile, config);
+ refreshConfigAndValueNames();
// migrate old parameters to new parameters
String old_type = null;
String old_pattern = null;
IConfigStore paramConfig = config.getSubStore("params");
try {
- if (paramConfig != null) {
- old_type = paramConfig.getString(CONFIG_OLD_TYPE);
- }
+ if (paramConfig != null) {
+ old_type = paramConfig.getString(CONFIG_OLD_TYPE);
+ }
} catch (EBaseException e) {
- // nothing to do here
+ // nothing to do here
}
CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
old_type);
try {
- if (paramConfig != null) {
- old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
- }
+ if (paramConfig != null) {
+ old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
+ }
} catch (EBaseException e) {
- // nothing to do here
+ // nothing to do here
}
CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
old_pattern);
- if (old_type != null && old_pattern != null) {
- CMS.debug("SubjectAltNameExtDefault: Upgrading");
- try {
- paramConfig.putString(CONFIG_NUM_GNS, "1");
- paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
- paramConfig.putString(CONFIG_TYPE + "0", old_type);
- paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
- paramConfig.remove(CONFIG_OLD_TYPE);
- paramConfig.remove(CONFIG_OLD_PATTERN);
- profile.getConfigStore().commit(true);
- } catch (Exception e) {
- CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
- }
+ if (old_type != null && old_pattern != null) {
+ CMS.debug("SubjectAltNameExtDefault: Upgrading");
+ try {
+ paramConfig.putString(CONFIG_NUM_GNS, "1");
+ paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
+ paramConfig.putString(CONFIG_TYPE + "0", old_type);
+ paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
+ paramConfig.remove(CONFIG_OLD_TYPE);
+ paramConfig.remove(CONFIG_OLD_PATTERN);
+ profile.getConfigStore().commit(true);
+ } catch (Exception e) {
+ CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
+ }
}
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_GNS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_GN || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_GN || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
+ }
}
super.setConfig(name, value);
}
@@ -173,29 +170,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
int num = getNumGNs();
addConfigName(CONFIG_NUM_GNS);
for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_TYPE + i);
- addConfigName(CONFIG_PATTERN + i);
- addConfigName(CONFIG_GN_ENABLE + i);
+ addConfigName(CONFIG_TYPE + i);
+ addConfigName(CONFIG_PATTERN + i);
+ addConfigName(CONFIG_GN_ENABLE + i);
}
}
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_TYPE)) {
return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
"RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
} else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
} else if (name.startsWith(CONFIG_GN_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_GNS)) {
@@ -209,11 +206,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
@@ -222,13 +219,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
SubjectAlternativeNameExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -236,12 +233,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
(SubjectAlternativeNameExtension)
getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
- }
+ if (ext == null) {
+ populate(null, info);
+ }
if (name.equals(VAL_CRITICAL)) {
- ext =
+ ext =
(SubjectAlternativeNameExtension)
getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
@@ -253,7 +250,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
+ ext =
(SubjectAlternativeNameExtension)
getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
@@ -278,41 +275,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
GeneralNameInterface n = parseGeneralName(gname);
if (n != null) {
- gn.addElement(n);
+ gn.addElement(n);
}
}
if (gn.size() == 0) {
- CMS.debug("GN size is zero");
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ CMS.debug("GN size is zero");
+ deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
return;
} else {
- CMS.debug("GN size is non zero (" + gn.size() + ")");
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+ CMS.debug("GN size is non zero (" + gn.size() + ")");
+ ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(
- PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ ext, info);
} catch (IOException e) {
CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -320,22 +317,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
(SubjectAlternativeNameExtension)
getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext =
+ (SubjectAlternativeNameExtension)
+ getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
if (ext == null) {
return null;
@@ -346,15 +342,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext =
+ (SubjectAlternativeNameExtension)
+ getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
if (ext == null) {
return null;
}
GeneralNames names = (GeneralNames)
- ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
StringBuffer sb = new StringBuffer();
Enumeration<GeneralNameInterface> e = names.elements();
@@ -369,12 +365,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: getValue " +
- e.toString());
+ CMS.debug("SubjectAltNameExtDefault: getValue " +
+ e.toString());
}
return null;
}
@@ -388,20 +384,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
String numGNs = getConfig(CONFIG_NUM_GNS);
int num = getNumGNs();
- for (int i= 0; i< num; i++) {
+ for (int i = 0; i < num; i++) {
sb.append("Record #");
sb.append(i);
sb.append("{");
sb.append(GN_PATTERN + ":");
sb.append(getConfig(CONFIG_PATTERN + i));
sb.append(",");
- sb.append(GN_TYPE +":");
- sb.append(getConfig(CONFIG_TYPE +i));
+ sb.append(GN_TYPE + ":");
+ sb.append(getConfig(CONFIG_TYPE + i));
sb.append(",");
sb.append(GN_ENABLE + ":");
sb.append(getConfig(CONFIG_GN_ENABLE + i));
sb.append("}");
- };
+ }
+ ;
return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString());
}
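Review bot: The reformat left an empty statement, a lone `;` on the line after the loop's closing `}`, which should simply be deleted. `numGNs` is assigned from `getConfig(CONFIG_NUM_GNS)` but is not used in the visible lines, since the loop bound comes from `getNumGNs()`; drop it if nothing outside the hunk reads it. getText starts before this hunk.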
@@ -410,7 +407,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectAlternativeNameExtension ext = null;
try {
@@ -421,15 +418,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
}
if (ext != null) {
- addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ ext, info);
} else {
CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out");
}
}
public SubjectAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
+ throws IOException {
SubjectAlternativeNameExtension ext = null;
int num = getNumGNs();
@@ -438,11 +435,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
GeneralNames gn = new GeneralNames();
int count = 0; // # of actual gnames
- for (int i=0; i< num; i++) {
- String enable = getConfig(CONFIG_GN_ENABLE +i);
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_GN_ENABLE + i);
if (enable != null && enable.equals("true")) {
- CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i);
-
+ CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
+
String pattern = getConfig(CONFIG_PATTERN + i);
if (pattern == null || pattern.equals("")) {
pattern = " ";
@@ -453,28 +450,28 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
// cfu - see if this is server-generated (e.g. UUID4)
// to use this feature, use $server.source$ in pattern
- String source = getConfig(CONFIG_SOURCE +i);
+ String source = getConfig(CONFIG_SOURCE + i);
String type = getConfig(CONFIG_TYPE + i);
if ((source != null) && (!source.equals(""))) {
if (type.equalsIgnoreCase("OtherName")) {
- CMS.debug("SubjectAlternativeNameExtension: using "+
- source+ " as gn");
+ CMS.debug("SubjectAlternativeNameExtension: using " +
+ source + " as gn");
if (source.equals(CONFIG_SOURCE_UUID4)) {
- UUID randUUID = UUID.randomUUID();
- // call the mapPattern that does server-side gen
- // request is not used, but needed for the substitute
- // function
- gname = mapPattern(randUUID.toString(), request, pattern);
+ UUID randUUID = UUID.randomUUID();
+ // call the mapPattern that does server-side gen
+ // request is not used, but needed for the substitute
+ // function
+ gname = mapPattern(randUUID.toString(), request, pattern);
} else { //expand more server-gen types here
- CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4");
- continue;
+ CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4");
+ continue;
}
} else {
- CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
- continue;
+ CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
+ continue;
}
} else {
- if (request != null) {
+ if (request != null) {
gname = mapPattern(request, pattern);
}
}
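Review bot: `type.equalsIgnoreCase("OtherName")` dereferences the result of `getConfig(CONFIG_TYPE + i)` without a null check, although `pattern` and `enable` from the same configuration are both null-checked in the preceding hunk. A record with `source` set but no type would throw a NullPointerException out of createExtension, which declares only IOException. Writing the test as `if ("OtherName".equalsIgnoreCase(type)) {` sends a missing type to the existing "source is only supported for subjAltExtType OtherName" branch. The loop body starts and ends outside this hunk.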
@@ -483,11 +480,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
CMS.debug("gname is empty, not added");
continue;
}
- CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname);
+ CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
GeneralNameInterface n = parseGeneralName(type + ":" + gname);
- CMS.debug("adding gname: "+gname);
+ CMS.debug("adding gname: " + gname);
if (n != null) {
CMS.debug("SubjectAlternativeNameExtension: n not null");
gn.addElement(n);
@@ -496,26 +493,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
CMS.debug("SubjectAlternativeNameExtension: n null");
}
}
- }
+ }
} //for
if (count != 0) {
- try {
- ext = new SubjectAlternativeNameExtension();
- } catch (Exception e) {
- CMS.debug(e.toString());
- throw new IOException( e.toString() );
- }
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- ext.setCritical(critical);
+ try {
+ ext = new SubjectAlternativeNameExtension();
+ } catch (Exception e) {
+ CMS.debug(e.toString());
+ throw new IOException(e.toString());
+ }
+ ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+ ext.setCritical(critical);
} else {
- CMS.debug("count is 0");
- }
+ CMS.debug("count is 0");
+ }
return ext;
}
- public String mapPattern(IRequest request, String pattern)
- throws IOException {
+ public String mapPattern(IRequest request, String pattern)
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -525,8 +522,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
// for server-side generated values
- public String mapPattern(String val, IRequest request, String pattern)
- throws IOException {
+ public String mapPattern(String val, IRequest request, String pattern)
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -535,7 +532,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
try {
attrSet.set("source", val);
} catch (Exception e) {
- CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString());
+ CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
}
return p.substitute("server", attrSet);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
index 04ae8da3..29562123 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
@@ -46,7 +46,7 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates a subject directory attributes extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
@@ -71,7 +71,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
@@ -95,26 +95,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(DEF_NUM_ATTRS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_ATTRS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_ATTRS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
+ }
}
super.setConfig(name, value);
}
-
public Enumeration<String> getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
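Review bot: The guard `name.equals(DEF_NUM_ATTRS)` does not match the key that both error messages report, `CONFIG_NUM_ATTRS`, and the sibling `SubjectAltNameExtDefault.setConfig` tests `CONFIG_NUM_GNS` at the same spot. The declaration of `DEF_NUM_ATTRS` is outside this hunk; if it is the numeric default (as `DEF_NUM_GN` appears to be in the sibling class), the comparison is never true and the range check on the attribute count is skipped. The line should probably read `if (name.equals(CONFIG_NUM_ATTRS)) {`. The `catch (Exception e)` also catches the `EPropertyException` thrown just above it; `catch (NumberFormatException e)` would express the intent.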
@@ -136,43 +135,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
} else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
} else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_ATTRS)) {
return new Descriptor(IDescriptor.INTEGER, null,
"1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
- }
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
+ }
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_ATTR)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
} else {
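Review bot: The second `else if (name.startsWith(CONFIG_ATTR_NAME))` branch is unreachable because the branch before it tests the same prefix. Attribute-name parameters therefore get the `CMS_PROFILE_NUM_ATTRS` label, and the `CMS_PROFILE_ATTR_NAME` descriptor is never returned. `CONFIG_NUM_ATTRS` already has its own branch at the end, so the first of the two looks like a leftover; removing it and keeping the `CMS_PROFILE_ATTR_NAME` one restores the intended label. getValueDescriptor continues past the end of this hunk.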
@@ -181,55 +180,53 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
SubjectDirAttributesExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (name.equals(VAL_CRITICAL)) {
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_ATTR)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_ATTR)) {
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
Vector<NameValuePairs> v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
X500NameAttrMap map = X500NameAttrMap.getDefault();
Vector<Attribute> attrV = new Vector<Attribute>();
- for (int i=0; i < size; i++) {
+ for (int i = 0; i < size; i++) {
NameValuePairs nvps = v.elementAt(i);
Enumeration<String> names = nvps.getNames();
String attrName = null;
String attrValue = null;
String enable = "false";
while (names.hasMoreElements()) {
- String name1 = names.nextElement();
+ String name1 = names.nextElement();
if (name1.equals(ATTR_NAME)) {
attrName = nvps.getValue(name1);
@@ -241,8 +238,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
if (enable.equals("true")) {
- AttributeConfig attributeConfig =
- new AttributeConfig(attrName, attrValue);
+ AttributeConfig attributeConfig =
+ new AttributeConfig(attrName, attrValue);
Attribute attr = attributeConfig.mAttribute;
if (attr != null)
attrV.addElement(attr);
@@ -256,43 +253,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
} else
return;
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
- CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
- CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+ e.toString());
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
SubjectDirAttributesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (name.equals(VAL_CRITICAL)) {
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -302,10 +299,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_ATTR)) {
+ } else if (name.equals(VAL_ATTR)) {
ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -315,42 +312,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
int num = getNumAttrs();
Enumeration<Attribute> e = ext.getAttributesList();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e);
- int i=0;
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e);
+ int i = 0;
while (e.hasMoreElements()) {
NameValuePairs pairs = new NameValuePairs();
pairs.add(ENABLE, "true");
Attribute attr = e.nextElement();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr);
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr);
ObjectIdentifier oid = attr.getOid();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid);
-
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid);
+
String vv = map.getName(oid);
- if (vv != null)
+ if (vv != null)
pairs.add(ATTR_NAME, vv);
else
pairs.add(ATTR_NAME, oid.toString());
Enumeration<String> v = attr.getValues();
-
+
// just support single value for now
StringBuffer ss = new StringBuffer();
while (v.hasMoreElements()) {
if (ss.length() == 0)
- ss.append((String)(v.nextElement()));
+ ss.append((String) (v.nextElement()));
else {
ss.append(",");
- ss.append((String)(v.nextElement()));
+ ss.append((String) (v.nextElement()));
}
}
- pairs .add(ATTR_VALUE, ss.toString());
+ pairs.add(ATTR_VALUE, ss.toString());
recs.addElement(pairs);
i++;
}
-
- for (;i < num; i++) {
+
+ for (; i < num; i++) {
NameValuePairs pairs = new NameValuePairs();
pairs.add(ENABLE, "false");
pairs.add(ATTR_NAME, "GENERATIONQUALIFIER");
@@ -360,7 +357,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -383,8 +380,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
getConfig(CONFIG_CRITICAL),
sb.toString());
}
@@ -393,32 +390,32 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectDirAttributesExtension ext = createExtension(request);
if (ext == null)
return;
- addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ ext, info);
}
public SubjectDirAttributesExtension createExtension(IRequest request)
- throws EProfileException {
- SubjectDirAttributesExtension ext = null;
+ throws EProfileException {
+ SubjectDirAttributesExtension ext = null;
int num = 0;
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
num = getNumAttrs();
-
+
AttributeConfig attributeConfig = null;
Vector<Attribute> attrs = new Vector<Attribute>();
for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
if (enable != null && enable.equals("true")) {
String attrName = getConfig(CONFIG_ATTR_NAME + i);
- String pattern = getConfig(CONFIG_PATTERN + i);
+ String pattern = getConfig(CONFIG_PATTERN + i);
if (pattern == null || pattern.equals(""))
pattern = " ";
@@ -427,8 +424,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
int lastpos = pattern.lastIndexOf("$");
String attrValue = pattern;
if (!pattern.equals("") && startpos != -1 &&
- startpos == 0 && lastpos != -1 &&
- lastpos == (pattern.length()-1)) {
+ startpos == 0 && lastpos != -1 &&
+ lastpos == (pattern.length() - 1)) {
if (request != null) {
try {
attrValue = mapPattern(request, pattern);
@@ -436,7 +433,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
throw new EProfileException(e.toString());
}
}
- }
+ }
try {
attributeConfig = new AttributeConfig(attrName, attrValue);
} catch (EPropertyException e) {
@@ -454,7 +451,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
attrs.copyInto(attrList);
try {
ext =
- new SubjectDirAttributesExtension(attrList, critical);
+ new SubjectDirAttributesExtension(attrList, critical);
} catch (IOException e) {
throw new EProfileException(e.toString());
}
@@ -470,50 +467,49 @@ class AttributeConfig {
protected Attribute mAttribute = null;
public AttributeConfig(String attrName, String attrValue)
- throws EPropertyException {
+ throws EPropertyException {
X500NameAttrMap map = X500NameAttrMap.getDefault();
-
+
if (attrName == null || attrName.length() == 0) {
throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
+ CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
}
-
+
if (attrValue == null || attrValue.length() == 0) {
throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
+ CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
}
try {
mAttributeOID = new ObjectIdentifier(attrName);
} catch (Exception e) {
- CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName);
+ CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName);
}
if (mAttributeOID == null) {
mAttributeOID = map.getOid(attrName);
if (mAttributeOID == null)
throw new EPropertyException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
try {
checkValue(mAttributeOID, attrValue);
} catch (IOException e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+ "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
}
}
-
try {
- mAttribute = new Attribute(mAttributeOID,
- str2MultiValues(attrValue));
+ mAttribute = new Attribute(mAttributeOID,
+ str2MultiValues(attrValue));
} catch (IOException e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+ "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
}
}
- private static void checkValue(ObjectIdentifier oid, String val)
- throws IOException {
+ private static void checkValue(ObjectIdentifier oid, String val)
+ throws IOException {
AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
DerValue derval;
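Review bot: In the AttributeConfig constructor, `checkValue(mAttributeOID, attrValue)` sits inside the `if (mAttributeOID == null)` block, so the value is checked only when the attribute was given by name and resolved through `map.getOid`. When `attrName` parses as a dotted OID, the value goes to `new Attribute(...)` without passing through checkValue. If that asymmetry is not intended, move the `checkValue` try/catch below the closing brace of that `if` so both paths run it. First confirm what `getValueConverter` returns for OIDs the map does not know, since checkValue's body continues outside this hunk. The `catch (Exception e)` around `new ObjectIdentifier(attrName)` should also carry a comment that falling back to name lookup is deliberate, e.g. `// not a dotted OID; fall back to attribute-name lookup below`.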
@@ -527,7 +523,7 @@ class AttributeConfig {
while (tokenizer.hasMoreTokens()) {
v.addElement(tokenizer.nextToken());
}
-
+
return v;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
index 8a3f2afc..afc5f1f9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
+ * This class implements an enrollment default policy
* that populates Subject Info Access extension.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
@@ -87,29 +85,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
return num;
}
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_ADS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_AD || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_AD || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
+ }
}
super.setConfig(name, value);
}
@@ -137,28 +135,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_AD_METHOD)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
} else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
+ return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
"URIName",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
} else if (name.startsWith(CONFIG_AD_LOCATION)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
} else if (name.startsWith(CONFIG_AD_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_ADS)) {
+ } else if (name.startsWith(CONFIG_NUM_ADS)) {
return new Descriptor(IDescriptor.INTEGER, null,
"1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
@@ -168,11 +166,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(IDescriptor.BOOLEAN, null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(IDescriptor.STRING_LIST, null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
@@ -181,45 +179,42 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
try {
SubjectInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
-
SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
ObjectIdentifier oid = a.getExtensionId();
ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
ext = (SubjectInfoAccessExtension)
getExtension(oid.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
ext = (SubjectInfoAccessExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
@@ -258,17 +253,17 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
if (interface1 == null)
throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", locationType));
+ locale, "CMS_INVALID_PROPERTY", locationType));
gn = new GeneralName(interface1);
}
-
+
if (method != null) {
try {
- ext.addAccessDescription(new ObjectIdentifier(method), gn);
+ ext.addAccessDescription(new ObjectIdentifier(method), gn);
} catch (NumberFormatException ee) {
- CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString());
+ CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString());
throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_DEF_SIA_OID", method));
+ locale, "CMS_PROFILE_DEF_SIA_OID", method));
}
}
}
@@ -291,30 +286,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
SubjectInfoAccessExtension ext = null;
- if (name == null) {
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
+ ObjectIdentifier oid = a.getExtensionId();
ext = (SubjectInfoAccessExtension)
getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -331,7 +325,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
ext = (SubjectInfoAccessExtension)
getExtension(oid.toString(), info);
@@ -340,11 +334,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
return "";
int num = getNumAds();
-
+
CMS.debug("SubjectInfoAccess num=" + num);
Vector recs = new Vector();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
NameValuePairs np = new NameValuePairs();
AccessDescription des = null;
@@ -358,7 +352,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
np.add(AD_ENABLE, "false");
} else {
ObjectIdentifier methodOid = des.getMethod();
- GeneralName gn = des.getLocation();
+ GeneralName gn = des.getLocation();
np.add(AD_METHOD, methodOid.toString());
np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -397,7 +391,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
ads.append(getConfig(CONFIG_AD_ENABLE + i));
ads.append("}");
}
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
getConfig(CONFIG_CRITICAL), ads.toString());
}
@@ -405,14 +399,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectInfoAccessExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public SubjectInfoAccessExtension createExtension() {
- SubjectInfoAccessExtension ext = null;
+ SubjectInfoAccessExtension ext = null;
int num = getNumAds();
try {
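Review bot: `populate` dereferences the result of `createExtension()` immediately in `ext.getExtensionId()`, but `createExtension` starts with `ext = null` and its catch-all in the following hunk only logs and then returns `ext`. If the exception occurs before `ext` is assigned (the assignment lies between the hunks), this becomes a NullPointerException instead of a profile error. SubjectDirAttributesExtDefault.populate guards the same situation with `if (ext == null) return;`. Here I would surface it, since the method already declares the exception: `if (ext == null) throw new EProfileException("SubjectInfoAccessExtDefault: extension could not be created");`.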
@@ -434,21 +428,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null)
- location = "http://"+hostname+":"+port+"/ocsp";
+ location = "http://" + hostname + ":" + port + "/ocsp";
}
}
String s = locationType + ":" + location;
GeneralNameInterface gn = parseGeneralName(s);
if (gn != null) {
- ext.addAccessDescription(new ObjectIdentifier(method),
- new GeneralName(gn));
+ ext.addAccessDescription(new ObjectIdentifier(method),
+ new GeneralName(gn));
}
}
}
} catch (Exception e) {
- CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
- e.toString());
+ CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
+ e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
index d8b09f5d..9476e45f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a subject key identifier extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
@@ -61,19 +59,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
+ return new Descriptor(IDescriptor.STRING,
+ IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_KEY_ID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
+ return new Descriptor(IDescriptor.STRING,
+ IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
} else {
@@ -82,8 +80,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -99,8 +97,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -108,24 +106,23 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
SubjectKeyIdentifierExtension ext =
(SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
+ PKIXExtensions.SubjectKey_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
+ ext =
+ (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
if (ext == null) {
return null;
@@ -136,9 +133,9 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_KEY_ID)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
+ ext =
+ (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
if (ext == null) {
return null;
@@ -149,11 +146,11 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
kid = (KeyIdentifier)
ext.get(SubjectKeyIdentifierExtension.KEY_ID);
} catch (IOException e) {
- CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " +
- "kid is null!" );
- throw new EPropertyException( CMS.getUserMessage( locale,
+ CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " +
+ "kid is null!");
+ throw new EPropertyException(CMS.getUserMessage(locale,
"CMS_INVALID_PROPERTY",
- name ) );
+ name));
}
return toHexString(kid.getIdentifier());
} else {
@@ -170,7 +167,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectKeyIdentifierExtension ext = createExtension(info);
addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
@@ -184,36 +181,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
return null;
}
SubjectKeyIdentifierExtension ext = null;
-
+
boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
try {
ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
} catch (IOException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
+ e.toString());
//
}
return ext;
}
- public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
- try {
- CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
+ try {
+ CertificateX509Key infokey = (CertificateX509Key)
+ info.get(X509CertInfo.KEY);
X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
- md.update(key.getKey());
+ md.update(key.getKey());
byte[] hash = md.digest();
return new KeyIdentifier(hash);
} catch (NoSuchAlgorithmException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+ e.toString());
} catch (Exception e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+ e.toString());
}
return null;
}
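Review bot: Both `createExtension` and `getKeyIdentifier` turn every failure into a `null` return with only a debug line, and `populate` in the previous hunk passes that result straight to `addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info)` with no check. Whether `addExtension` tolerates a null extension is not visible here, so either add `if (ext == null) throw new EProfileException(...)` in `populate` or document that a missing subject key identifier is acceptable. The two catch blocks in `getKeyIdentifier` have identical bodies and the second already covers the first, so one `catch (Exception e)` with a comment is enough. Add a comment at `MessageDigest.getInstance("SHA-1")` that the digest only derives the key identifier (the SHA-1 method in RFC 5280 section 4.2.1.2) and is not a signature hash, so later audits do not flag or change it.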
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
index 9f404e89..479219b8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates server-side configurable subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class SubjectNameDefault extends EnrollDefault {
@@ -55,15 +53,15 @@ public class SubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_NAME)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_NAME)) {
+ return new Descriptor(IDescriptor.STRING,
null, "CN=TEST", CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
@@ -72,18 +70,18 @@ public class SubjectNameDefault extends EnrollDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING, null, null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -100,25 +98,25 @@ public class SubjectNameDefault extends EnrollDefault {
}
CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("SubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -133,18 +131,18 @@ public class SubjectNameDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
CMS.debug("SubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
getConfig(CONFIG_NAME));
}
@@ -152,13 +150,13 @@ public class SubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
String subjectName = null;
try {
- subjectName = mapPattern(request, getConfig(CONFIG_NAME));
+ subjectName = mapPattern(request, getConfig(CONFIG_NAME));
} catch (IOException e) {
CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
}
@@ -176,8 +174,8 @@ public class SubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("SubjectNameDefault: populate " + e.toString());
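Review bot: `populate` declares `throws EProfileException`, but on the paths visible in this hunk and the one before it every failure is only logged. That covers the `IOException` from `mapPattern`, the "failed to build x500 name" case, and the `catch (Exception e)` around `info.set(X509CertInfo.SUBJECT, ...)`. A misconfigured subject pattern therefore leaves the certificate template with whatever subject it had before, unless a later constraint rejects it. For a default meant to impose a server-side subject name, failing closed is safer: in this catch, keep the debug line and add `throw new EProfileException(e.toString());`, the form other defaults in this commit use. The method body starts and ends outside this hunk, so check the hidden lines for an existing early return before changing it.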
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
index c834eee1..46a78c73 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.CertificateExtensions;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a user-supplied extension
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserExtensionDefault extends EnrollExtDefault {
@@ -57,11 +55,11 @@ public class UserExtensionDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_OID)) {
return new Descriptor(IDescriptor.STRING, null,
"Comment Here...",
@@ -83,16 +81,16 @@ public class UserExtensionDefault extends EnrollExtDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
// Nothing to do for read-only values
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_OID)) {
@@ -104,7 +102,7 @@ public class UserExtensionDefault extends EnrollExtDefault {
}
return ext.getExtensionId().toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -117,22 +115,22 @@ public class UserExtensionDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateExtensions inExts = null;
String oid = getConfig(CONFIG_OID);
inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
if (inExts == null)
- return;
+ return;
Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
if (ext == null) {
- CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid);
- return;
+ CMS.debug("UserExtensionDefault: no user ext supplied for " + oid);
+ return;
}
// user supplied the ext that's allowed, replace the def set by system
deleteExtension(oid, info);
- CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid);
+ CMS.debug("UserExtensionDefault: using user supplied ext for " + oid);
addExtension(oid, ext, info);
}
}
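Review bot: The extension passed to `addExtension(oid, ext, info)` is the object taken from the request, selected only by matching `CONFIG_OID`, and nothing in `populate` inspects its value or criticality flag before it replaces the system default. Presumably a profile constraint is expected to vet it, which the method comment should say, e.g. `// only the OID is matched here; value and criticality of the user-supplied ext must be checked by a constraint`. Separately, `getConfig(CONFIG_OID)` is read twice, so `getExtension(oid, inExts)` could reuse the local. `oid` is also never checked for null before it is used.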
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
index 1cff57df..b1dc9d11 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
@@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a user supplied key
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserKeyDefault extends EnrollDefault {
@@ -62,24 +60,24 @@ public class UserKeyDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_KEY)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
+ return new Descriptor(IDescriptor.STRING,
+ IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
} else if (name.equals(VAL_LEN)) {
return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
+ IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
} else if (name.equals(VAL_TYPE)) {
return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
+ IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
} else {
@@ -88,15 +86,15 @@ public class UserKeyDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
// this default rule is readonly
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
@@ -116,7 +114,7 @@ public class UserKeyDefault extends EnrollDefault {
ck.get(CertificateX509Key.KEY);
} catch (Exception e) {
// nothing
- }
+ }
if (k == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_PROFILE_KEY_NOT_FOUND"));
@@ -139,7 +137,7 @@ public class UserKeyDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
}
- if (k == null) {
+ if (k == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_PROFILE_KEY_NOT_FOUND"));
}
@@ -171,12 +169,12 @@ public class UserKeyDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
}
- if (k == null) {
+ if (k == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_PROFILE_KEY_NOT_FOUND"));
}
- return k.getAlgorithm() + " - " +
- k.getAlgorithmId().getOID().toString();
+ return k.getAlgorithm() + " - " +
+ k.getAlgorithmId().getOID().toString();
} else {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -217,7 +215,7 @@ public class UserKeyDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateX509Key certKey = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
index 07e6c77e..4aeed6ba 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.util.Locale;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a user-supplied signing algorithm
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserSigningAlgDefault extends EnrollDefault {
@@ -53,30 +51,30 @@ public class UserSigningAlgDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_ALG_ID)) {
- return new Descriptor(IDescriptor.STRING,
+ return new Descriptor(IDescriptor.STRING,
IDescriptor.READONLY, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_SIGNING_ALGORITHM"));
+ "CMS_PROFILE_SIGNING_ALGORITHM"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
// this default rule is readonly
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -88,7 +86,7 @@ public class UserSigningAlgDefault extends EnrollDefault {
algID = (CertificateAlgorithmId)
info.get(X509CertInfo.ALGORITHM_ID);
AlgorithmId id = (AlgorithmId)
- algID.get(CertificateAlgorithmId.ALGORITHM);
+ algID.get(CertificateAlgorithmId.ALGORITHM);
return id.toString();
} catch (Exception e) {
@@ -109,7 +107,7 @@ public class UserSigningAlgDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateAlgorithmId certAlg = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
index f589b654..65456e25 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a user-supplied subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserSubjectNameDefault extends EnrollDefault {
@@ -53,7 +51,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -67,8 +65,8 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
@@ -84,12 +82,12 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
CMS.debug("SubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("UserSubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
@@ -99,10 +97,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -115,10 +113,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -131,7 +129,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// authenticate the subject name and populate it
// to the certinfo
try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
index 2d79b192..3fadb81f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.util.Date;
import java.util.Locale;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a user-supplied validity
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserValidityDefault extends EnrollDefault {
@@ -55,13 +53,13 @@ public class UserValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_NOT_BEFORE)) {
- return new Descriptor(IDescriptor.STRING,
+ return new Descriptor(IDescriptor.STRING,
IDescriptor.READONLY,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
@@ -76,16 +74,16 @@ public class UserValidityDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
// this default rule is readonly
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NOT_BEFORE)) {
@@ -93,32 +91,32 @@ public class UserValidityDefault extends EnrollDefault {
try {
validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ info.get(X509CertInfo.VALIDITY);
Date notBefore = (Date)
- validity.get(CertificateValidity.NOT_BEFORE);
+ validity.get(CertificateValidity.NOT_BEFORE);
return notBefore.toString();
} catch (Exception e) {
CMS.debug("UserValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
try {
CertificateValidity validity = null;
validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ info.get(X509CertInfo.VALIDITY);
Date notAfter = (Date)
- validity.get(CertificateValidity.NOT_AFTER);
+ validity.get(CertificateValidity.NOT_AFTER);
return notAfter.toString();
} catch (Exception e) {
CMS.debug("UserValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
@@ -131,7 +129,7 @@ public class UserValidityDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateValidity certValidity = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
index 6e9b08ab..ad06400f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
@@ -36,12 +35,11 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an enrollment default policy
* that populates a server-side configurable validity
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class ValidityDefault extends EnrollDefault {
@@ -64,26 +62,26 @@ public class ValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (name.equals(CONFIG_RANGE)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_RANGE));
- }
+ }
} else if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ }
}
super.setConfig(name, value);
}
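Review bot: `setConfig` accepts any value that `Integer.parseInt` can read, so zero and negative numbers pass for `CONFIG_RANGE`. `populate` later computes `notBefore.getTime() + (mDefault * Integer.parseInt(rangeStr))`, which for such a range gives a notAfter at or before notBefore (assuming `mDefault` is positive; its declaration is not in this diff). Inside the first `try` I would write `if (Integer.parseInt(value) <= 0) throw new NumberFormatException(value);` and narrow both catches from `Exception` to `NumberFormatException`. Whether a negative `CONFIG_START_TIME` is intended cannot be told from here, so that branch is left as it is.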
@@ -91,16 +89,16 @@ public class ValidityDefault extends EnrollDefault {
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RANGE)) {
return new Descriptor(IDescriptor.STRING,
- null,
+ null,
"2922",
CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_RANGE"));
+ "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_START_TIME)) {
return new Descriptor(IDescriptor.STRING,
- null,
+ null,
"60", /* 1 minute */
CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_START_TIME"));
+ "CMS_PROFILE_VALIDITY_START_TIME"));
} else {
return null;
}
@@ -119,19 +117,19 @@ public class ValidityDefault extends EnrollDefault {
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ if (name == null) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
- if (value == null || value.equals("")) {
+ if (value == null || value.equals("")) {
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
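Review bot: `formatter.parse(value, pos)` returns null when the text does not match `DATE_FORMAT`, and no null check on `date` is visible before `validity.set(CertificateValidity.NOT_BEFORE, date)` in the next hunk (the two lines between the hunks are not shown). The `VAL_NOT_AFTER` branch in that next hunk has the same shape. Directly after each parse I would add `if (date == null) throw new EPropertyException(CMS.getUserMessage(locale, "CMS_INVALID_PROPERTY", name));`. Calling `formatter.setLenient(false);` before parsing would also reject out-of-range fields instead of rolling them over. `setValue` continues past the end of this hunk.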
@@ -140,15 +138,15 @@ public class ValidityDefault extends EnrollDefault {
validity = (CertificateValidity)
info.get(X509CertInfo.VALIDITY);
validity.set(CertificateValidity.NOT_BEFORE,
- date);
+ date);
} catch (Exception e) {
CMS.debug("ValidityDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
@@ -157,7 +155,7 @@ public class ValidityDefault extends EnrollDefault {
validity = (CertificateValidity)
info.get(X509CertInfo.VALIDITY);
validity.set(CertificateValidity.NOT_AFTER,
- date);
+ date);
} catch (Exception e) {
CMS.debug("ValidityDefault: setValue " + e.toString());
throw new EPropertyException(CMS.getUserMessage(
@@ -170,16 +168,16 @@ public class ValidityDefault extends EnrollDefault {
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
@@ -192,8 +190,8 @@ public class ValidityDefault extends EnrollDefault {
}
throw new EPropertyException("Invalid valie");
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter =
+ new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
@@ -214,7 +212,7 @@ public class ValidityDefault extends EnrollDefault {
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
getConfig(CONFIG_RANGE));
}
@@ -222,11 +220,11 @@ public class ValidityDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
try {
- startTimeStr = mapPattern(request, startTimeStr);
+ startTimeStr = mapPattern(request, startTimeStr);
} catch (IOException e) {
CMS.debug("ValidityDefault: populate " + e.toString());
}
@@ -241,7 +239,7 @@ public class ValidityDefault extends EnrollDefault {
try {
String rangeStr = getConfig(CONFIG_RANGE);
rangeStr = mapPattern(request, rangeStr);
- notAfterVal = notBefore.getTime() +
+ notAfterVal = notBefore.getTime() +
(mDefault * Integer.parseInt(rangeStr));
} catch (Exception e) {
// configured value is not correct
@@ -250,8 +248,8 @@ public class ValidityDefault extends EnrollDefault {
getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
}
Date notAfter = new Date(notAfterVal);
- CertificateValidity validity =
- new CertificateValidity(notBefore, notAfter);
+ CertificateValidity validity =
+ new CertificateValidity(notBefore, notAfter);
try {
info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
index c8beca2f..6b5ab6bc 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
@@ -37,19 +37,19 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates server-side configurable subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class nsHKeySubjectNameDefault extends EnrollDefault {
- public static final String PROP_PARAMS = "params";
+ public static final String PROP_PARAMS = "params";
public static final String CONFIG_DNPATTERN = "dnpattern";
public static final String VAL_NAME = "name";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
+ protected static String DEFAULT_DNPATTERN =
+ "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
protected IConfigStore mParamsConfig;
@@ -61,43 +61,43 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING,
null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name);
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
- CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -111,26 +111,26 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name);
+ X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -145,19 +145,19 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsHKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsHKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
@@ -165,15 +165,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsHKeySubjectNameDefault: in populate");
+ CMS.debug("nsHKeySubjectNameDefault: in populate");
try {
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
+ String subjectName = getSubjectName(request);
+ CMS.debug("subjectName=" + subjectName);
+ if (subjectName == null || subjectName.equals(""))
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
@@ -184,32 +184,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request)
+ throws EProfileException, IOException {
+
+ CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
- CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
+ String sbjname = "";
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ }
- return sbjname;
- }
+ return sbjname;
+ }
}
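Review bot: In `getSubjectName`, a missing or empty `CONFIG_DNPATTERN` is replaced by `pattern = " ";`, although the comment on `DEFAULT_DNPATTERN` says that constant is the pattern to use "if left blank or not set in the config". A single space is not equal to `""`, so unless `mapPattern` trims it, the result passes the `subjectName == null || subjectName.equals("")` guard in `populate` and reaches `new X500Name(subjectName)`. If the comment reflects the intent, the assignment should be `pattern = DEFAULT_DNPATTERN;`. If a blank pattern is meant to leave the subject untouched, returning `""` from here would make that explicit.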
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
index 3a1d1c6e..6e36302e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
@@ -45,13 +45,13 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates server-side configurable subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class nsNKeySubjectNameDefault extends EnrollDefault {
- public static final String PROP_LDAP = "ldap";
- public static final String PROP_PARAMS = "params";
+ public static final String PROP_LDAP = "ldap";
+ public static final String PROP_PARAMS = "params";
public static final String CONFIG_DNPATTERN = "dnpattern";
public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
@@ -64,20 +64,20 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
public static final String VAL_NAME = "name";
- public static final String CONFIG_LDAP_VERS =
- "2,3";
+ public static final String CONFIG_LDAP_VERS =
+ "2,3";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=$request.aoluid$, E=$request.mail$";
+ protected static String DEFAULT_DNPATTERN =
+ "CN=$request.aoluid$, E=$request.mail$";
/* ldap configuration sub-store */
- boolean mInitialized = false;
+ boolean mInitialized = false;
protected IConfigStore mInstConfig;
protected IConfigStore mLdapConfig;
protected IConfigStore mParamsConfig;
- /* ldap base dn */
+ /* ldap base dn */
protected String mBaseDN = null;
/* factory of anonymous ldap connections */
@@ -90,104 +90,104 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
public nsNKeySubjectNameDefault() {
super();
addConfigName(CONFIG_DNPATTERN);
- addConfigName(CONFIG_LDAP_STRING_ATTRS);
+ addConfigName(CONFIG_LDAP_STRING_ATTRS);
addConfigName(CONFIG_LDAP_HOST);
addConfigName(CONFIG_LDAP_PORT);
addConfigName(CONFIG_LDAP_SEC_CONN);
addConfigName(CONFIG_LDAP_VER);
addConfigName(CONFIG_LDAP_BASEDN);
- addConfigName(CONFIG_LDAP_MIN_CONN);
- addConfigName(CONFIG_LDAP_MAX_CONN);
+ addConfigName(CONFIG_LDAP_MIN_CONN);
+ addConfigName(CONFIG_LDAP_MAX_CONN);
addValueName(CONFIG_DNPATTERN);
- addValueName(CONFIG_LDAP_STRING_ATTRS);
+ addValueName(CONFIG_LDAP_STRING_ATTRS);
addValueName(CONFIG_LDAP_HOST);
addValueName(CONFIG_LDAP_PORT);
addValueName(CONFIG_LDAP_SEC_CONN);
addValueName(CONFIG_LDAP_VER);
addValueName(CONFIG_LDAP_BASEDN);
- addValueName(CONFIG_LDAP_MIN_CONN);
- addValueName(CONFIG_LDAP_MAX_CONN);
+ addValueName(CONFIG_LDAP_MIN_CONN);
+ addValueName(CONFIG_LDAP_MAX_CONN);
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- mInstConfig = config;
+ throws EProfileException {
+ mInstConfig = config;
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING,
null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
- } else if (name.equals(CONFIG_LDAP_HOST)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME"));
- } else if (name.equals(CONFIG_LDAP_PORT)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER"));
- } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
+ "CMS_PROFILE_SUBJECT_NAME"));
+ } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
+ } else if (name.equals(CONFIG_LDAP_HOST)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME"));
+ } else if (name.equals(CONFIG_LDAP_PORT)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER"));
+ } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
return new Descriptor(IDescriptor.BOOLEAN,
- null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
- } else if (name.equals(CONFIG_LDAP_VER)) {
+ null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
+ } else if (name.equals(CONFIG_LDAP_VER)) {
return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
"3",
CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
- } else if (name.equals(CONFIG_LDAP_BASEDN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN"));
- } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
- } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
+ } else if (name.equals(CONFIG_LDAP_BASEDN)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN"));
+ } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
+ } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name);
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
- CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
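Review bot: The `CONFIG_LDAP_SEC_CONN` descriptor in getConfigDescriptor passes `"false"` in the position where `CONFIG_LDAP_VER` passes `"3"`, which looks like the default value, so a profile configured from this descriptor would query the directory without TLS unless an administrator changes it. ldapInit further down takes its factory from `CMS.getLdapAnonConnFactory()`, so the attributes that feed the certificate subject would come from an anonymous and, by default, unencrypted lookup. Consider defaulting to `"true"`, or at least add a comment such as `// subject attributes are read from this directory; enable the secure connection in production`. The same default appears in nsTokenUserKeySubjectNameDefault.getConfigDescriptor.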
@@ -201,26 +201,26 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name);
+ X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -235,79 +235,80 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsNKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsNKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
- public void ldapInit()
- throws EProfileException {
- if (mInitialized == true) return;
-
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
-
- try {
- // cfu - XXX do more error handling here later
- /* initialize ldap server configuration */
- mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
- mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
- mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
- mConnFactory = CMS.getLdapAnonConnFactory();
- mConnFactory.init(mLdapConfig);
-
- /* initialize dn pattern */
- String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
- if (pattern == null || pattern.length() == 0)
- pattern = DEFAULT_DNPATTERN;
-
- /* initialize ldap string attribute list */
- String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
- if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
-
- mLdapStringAttrs = new String[pAttrs.countTokens()];
-
- for (int i = 0; i < mLdapStringAttrs.length; i++) {
- mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
- }
- }
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
- mInitialized = true;
- } catch (Exception e) {
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString());
- // throw EProfileException...
- throw new EProfileException("ldap init failure: "+e.toString());
- }
- }
+ public void ldapInit()
+ throws EProfileException {
+ if (mInitialized == true)
+ return;
+
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
+
+ try {
+ // cfu - XXX do more error handling here later
+ /* initialize ldap server configuration */
+ mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+ mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+ mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+ mConnFactory = CMS.getLdapAnonConnFactory();
+ mConnFactory.init(mLdapConfig);
+
+ /* initialize dn pattern */
+ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+
+ if (pattern == null || pattern.length() == 0)
+ pattern = DEFAULT_DNPATTERN;
+
+ /* initialize ldap string attribute list */
+ String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+
+ if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+ StringTokenizer pAttrs =
+ new StringTokenizer(ldapStringAttrs, ",", false);
+
+ mLdapStringAttrs = new String[pAttrs.countTokens()];
+
+ for (int i = 0; i < mLdapStringAttrs.length; i++) {
+ mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+ }
+ }
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
+ mInitialized = true;
+ } catch (Exception e) {
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString());
+ // throw EProfileException...
+ throw new EProfileException("ldap init failure: " + e.toString());
+ }
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsNKeySubjectNameDefault: in populate");
- ldapInit();
+ CMS.debug("nsNKeySubjectNameDefault: in populate");
+ ldapInit();
try {
- // cfu - this goes to ldap
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
+ // cfu - this goes to ldap
+ String subjectName = getSubjectName(request);
+ CMS.debug("subjectName=" + subjectName);
+ if (subjectName == null || subjectName.equals(""))
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
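Review bot: In ldapInit the local `pattern` is set to `DEFAULT_DNPATTERN` when the configured value is blank, but nothing in the method reads it afterwards, so the documented default never takes effect. getSubjectName in the next hunk re-reads `getConfig(CONFIG_DNPATTERN)` and substitutes `" "` instead, and nsTokenDeviceKeySubjectNameDefault.getSubjectName uses the same `" "` fallback. Either keep the resolved pattern in a field that getSubjectName uses, or drop the dead assignment and add a comment saying which fallback is intended. ldapInit also tests and sets `mInitialized` without synchronization; whether concurrent calls can happen cannot be told from this hunk.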
@@ -318,55 +319,55 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request)
+ throws EProfileException, IOException {
- CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
+ CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- LDAPConnection conn = null;
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
+
+ LDAPConnection conn = null;
String userdn = null;
- String sbjname = "";
- // get DN from ldap to fill request
- try {
- if (mConnFactory == null) {
+ String sbjname = "";
+ // get DN from ldap to fill request
+ try {
+ if (mConnFactory == null) {
conn = null;
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection");
throw new EProfileException("no LDAP connection");
} else {
conn = mConnFactory.getConn();
- if( conn == null ) {
- CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
- "no LDAP connection" );
- throw new EProfileException( "no LDAP connection" );
+ if (conn == null) {
+ CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+ "no LDAP connection");
+ throw new EProfileException("no LDAP connection");
}
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection");
}
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- } else {
- CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
- "request is null!" );
- throw new EProfileException( "request is null" );
- }
- // retrieve the attributes
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ } else {
+ CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+ "request is null!");
+ throw new EProfileException("request is null");
+ }
+ // retrieve the attributes
// get user dn.
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
LDAPSearchResults res = conn.search(mBaseDN,
LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false);
@@ -378,42 +379,43 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist");
throw new EProfileException("screenname does not exist");
}
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));;
-
- LDAPEntry entry = null;
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- mLdapStringAttrs, false);
-
- if (!results.hasMoreElements()) {
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
- throw new EProfileException("no ldap attributes found");
- }
- entry = results.next();
- // set attrs into request
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid"));
+ ;
+
+ LDAPEntry entry = null;
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+ LDAPSearchResults results =
+ conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+ mLdapStringAttrs, false);
+
+ if (!results.hasMoreElements()) {
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
+ throw new EProfileException("no ldap attributes found");
+ }
+ entry = results.next();
+ // set attrs into request
for (int i = 0; i < mLdapStringAttrs.length; i++) {
- LDAPAttribute la =
- entry.getAttribute(mLdapStringAttrs[i]);
- if (la != null) {
- String[] sla = la.getStringValueArray();
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]);
- request.setExtData(mLdapStringAttrs[i], sla[0]);
- }
+ LDAPAttribute la =
+ entry.getAttribute(mLdapStringAttrs[i]);
+ if (la != null) {
+ String[] sla = la.getStringValueArray();
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]);
+ request.setExtData(mLdapStringAttrs[i], sla[0]);
+ }
}
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
- } catch (Exception e) {
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString());
- throw new EProfileException("getSubjectName() failure: "+e.toString());
- } finally {
- try {
- if (conn != null)
- mConnFactory.returnConn(conn);
- } catch (Exception e) {
- throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
- }
- }
- return sbjname;
-
- }
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
+ } catch (Exception e) {
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString());
+ throw new EProfileException("getSubjectName() failure: " + e.toString());
+ } finally {
+ try {
+ if (conn != null)
+ mConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
+ }
+ }
+ return sbjname;
+
+ }
}
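Review bot: The `finally` block in getSubjectName throws a new `EProfileException` when `returnConn` fails, which replaces any exception already propagating from the `try` and drops the cause `e`. Logging the failure instead, e.g. `CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): connection return failure " + e.toString());`, keeps the original error visible. In the attribute loop `sla[0]` is read without checking that `getStringValueArray()` returned a non-empty array, and the directory value is written to the debug log; `if (sla != null && sla.length > 0)` would guard the access. The reformat also left a lone `;` statement after the "retrieved entry for aoluid" debug call, which can be deleted. The method begins outside this hunk.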
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
index 030470b3..77fa417f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
@@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates server-side configurable subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
@@ -49,7 +49,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
/* default dn pattern if left blank or not set in the config */
protected static String DEFAULT_DNPATTERN =
- "Token Key Device - $request.tokencuid$";
+ "Token Key Device - $request.tokencuid$";
protected IConfigStore mParamsConfig;
@@ -61,43 +61,43 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING,
null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name);
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -111,27 +111,26 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException
- {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name);
+ X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -146,19 +145,19 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
} catch (Exception e) {
// nothing
CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
@@ -166,15 +165,15 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
try {
- String subjectName = getSubjectName(request);
+ String subjectName = getSubjectName(request);
CMS.debug("subjectName=" + subjectName);
if (subjectName == null || subjectName.equals(""))
- return;
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
@@ -185,8 +184,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
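Review bot: populate only writes a debug line when `info.set(X509CertInfo.SUBJECT, ...)` fails, so the caller cannot tell that this default did not set the subject. `name` is also still null at this point if building the `X500Name` failed, unless the catch body that lies between the hunks returns. Since the method already declares `throws EProfileException`, consider `throw new EProfileException("failed to set subject name: " + e.toString());` in the catch, or a comment explaining why the failure is deliberately ignored. nsNKeySubjectNameDefault.populate earlier in this diff has the same shape, and the method starts before this hunk.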
@@ -194,23 +193,23 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
}
private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ throws EProfileException, IOException {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
+ String sbjname = "";
+
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ }
- return sbjname;
+ return sbjname;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index ac98a0cb..8f975941 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -45,7 +45,7 @@ import com.netscape.certsrv.request.IRequest;
* This class implements an enrollment default policy
* that populates server-side configurable subject name
* into the certificate template.
- *
+ *
* @version $Revision$, $Date$
*/
public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
@@ -66,12 +66,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
public static final String VAL_NAME = "name";
- public static final String CONFIG_LDAP_VERS =
- "2,3";
+ public static final String CONFIG_LDAP_VERS =
+ "2,3";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=$request.uid$, E=$request.mail$";
+ protected static String DEFAULT_DNPATTERN =
+ "CN=$request.uid$, E=$request.mail$";
/* ldap configuration sub-store */
boolean mldapInitialized = false;
@@ -118,93 +118,93 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mInstConfig = config;
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING,
null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ "CMS_PROFILE_SUBJECT_NAME"));
} else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
} else if (name.equals(CONFIG_LDAP_ENABLE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
} else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
} else if (name.equals(CONFIG_LDAP_HOST)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
} else if (name.equals(CONFIG_LDAP_PORT)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
} else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
return new Descriptor(IDescriptor.BOOLEAN,
- null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
+ null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
} else if (name.equals(CONFIG_LDAP_VER)) {
return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
"3",
CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
} else if (name.equals(CONFIG_LDAP_BASEDN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
} else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
} else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
+ return new Descriptor(IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name);
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ null,
+ null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ X509CertInfo info, String value)
+ throws EPropertyException {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
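Review bot: `CONFIG_LDAP_ENABLE` is described as `IDescriptor.STRING` in getConfigDescriptor, while ldapInit later reads it with `mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, false)` and the neighbouring `CONFIG_LDAP_SEC_CONN` uses `IDescriptor.BOOLEAN`. Describing it as `new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"))` would keep free-form text out of the flag that decides whether the directory lookup runs. How getBoolean treats an unparsable value is not visible here.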
@@ -218,26 +218,26 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name);
+ X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
@@ -254,76 +254,77 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString());
}
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
+ throw new EPropertyException(CMS.getUserMessage(
locale, "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
CMS.debug("nsTokenUserKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
public void ldapInit()
- throws EProfileException {
- if (mldapInitialized == true) return;
+ throws EProfileException {
+ if (mldapInitialized == true)
+ return;
CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin");
try {
- // cfu - XXX do more error handling here later
- /* initialize ldap server configuration */
- mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
- mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
- mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
- false);
- if (mldapEnabled == false)
- return;
+ // cfu - XXX do more error handling here later
+ /* initialize ldap server configuration */
+ mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+ mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+ mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
+ false);
+ if (mldapEnabled == false)
+ return;
- mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
- mConnFactory = CMS.getLdapAnonConnFactory();
- mConnFactory.init(mLdapConfig);
+ mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+ mConnFactory = CMS.getLdapAnonConnFactory();
+ mConnFactory.init(mLdapConfig);
- /* initialize dn pattern */
- String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+ /* initialize dn pattern */
+ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
- if (pattern == null || pattern.length() == 0)
- pattern = DEFAULT_DNPATTERN;
+ if (pattern == null || pattern.length() == 0)
+ pattern = DEFAULT_DNPATTERN;
- /* initialize ldap string attribute list */
- String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+ /* initialize ldap string attribute list */
+ String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
- if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
+ if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+ StringTokenizer pAttrs =
+ new StringTokenizer(ldapStringAttrs, ",", false);
- mLdapStringAttrs = new String[pAttrs.countTokens()];
+ mLdapStringAttrs = new String[pAttrs.countTokens()];
- for (int i = 0; i < mLdapStringAttrs.length; i++) {
- mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+ for (int i = 0; i < mLdapStringAttrs.length; i++) {
+ mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+ }
}
- }
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
- mldapInitialized = true;
+ CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
+ mldapInitialized = true;
} catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString());
- // throw EProfileException...
- throw new EProfileException("ldap init failure: "+e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString());
+ // throw EProfileException...
+ throw new EProfileException("ldap init failure: " + e.toString());
}
- }
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
CMS.debug("nsTokenUserKeySubjectNameDefault: in populate");
-ldapInit();
+ ldapInit();
try {
// cfu - this goes to ldap
String subjectName = getSubjectName(request);
@@ -340,8 +341,8 @@ ldapInit();
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
@@ -349,7 +350,7 @@ ldapInit();
}
private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ throws EProfileException, IOException {
CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName");
@@ -360,10 +361,10 @@ ldapInit();
String sbjname = "";
if (mldapInitialized == false) {
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
}
return sbjname;
}
@@ -384,34 +385,34 @@ ldapInit();
throw new EProfileException("no LDAP connection");
} else {
conn = mConnFactory.getConn();
- if( conn == null ) {
- CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
- "no LDAP connection" );
- throw new EProfileException( "no LDAP connection" );
+ if (conn == null) {
+ CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
+ "no LDAP connection");
+ throw new EProfileException("no LDAP connection");
}
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection");
}
// retrieve the attributes
// get user dn.
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
+ LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = res.next();
userdn = entry.getDN();
} else {// put into property file later - cfu
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist");
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist");
throw new EProfileException("id does not exist");
}
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid"));
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid"));
LDAPEntry entry = null;
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- mLdapStringAttrs, false);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+ LDAPSearchResults results =
+ conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+ mLdapStringAttrs, false);
if (!results.hasMoreElements()) {
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes");
@@ -420,28 +421,28 @@ ldapInit();
entry = results.next();
// set attrs into request
for (int i = 0; i < mLdapStringAttrs.length; i++) {
- LDAPAttribute la =
- entry.getAttribute(mLdapStringAttrs[i]);
- if (la != null) {
- String[] sla = la.getStringValueArray();
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+
- "=" + escapeValueRfc1779(sla[0], false).toString());
- request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
- }
+ LDAPAttribute la =
+ entry.getAttribute(mLdapStringAttrs[i]);
+ if (la != null) {
+ String[] sla = la.getStringValueArray();
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] +
+ "=" + escapeValueRfc1779(sla[0], false).toString());
+ request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
+ }
}
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
} catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString());
- throw new EProfileException("getSubjectName() failure: "+e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString());
+ throw new EProfileException("getSubjectName() failure: " + e.toString());
} finally {
try {
if (conn != null)
mConnFactory.returnConn(conn);
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
}
}
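Review bot: The `throw new EProfileException(...)` inside the `finally` block replaces any exception already leaving the `try`, so when `mConnFactory.returnConn(conn)` fails the original LDAP error wrapped by the `catch` above is lost. Logging there instead keeps the first failure visible: `CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure " + e.toString());`. In the attribute loop, `sla[0]` is read without checking that `getStringValueArray()` returned a non-empty array; a guard such as `if (la != null && sla.length > 0)` would avoid an index error on an attribute with no string values. getSubjectName begins outside this hunk.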
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
index d067f1e6..77d4b1ce 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -35,23 +34,21 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the certificate request input.
* This input populates 2 main fields to the enrollment page:
* 1/ Certificate Request Type, 2/ Certificate Request
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ *
* @version $Revision$, $Date$
*/
-public class CMCCertReqInput extends EnrollInput implements IProfileInput {
- public static final String VAL_CERT_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CMCCertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
public static final String VAL_CERT_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -63,7 +60,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -87,22 +84,22 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String cert_request = ctx.get(VAL_CERT_REQUEST);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
if (msgs == null) {
- return;
+ return;
}
// This profile only handle the first request in CRMF
Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
@@ -118,8 +115,8 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
return new Descriptor(IDescriptor.CERT_REQUEST, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ"));
- }
+ "CMS_PROFILE_INPUT_CERT_REQ"));
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
index 12a4f549..0b7e9f07 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -38,23 +37,21 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the certificate request input.
* This input populates 2 main fields to the enrollment page:
* 1/ Certificate Request Type, 2/ Certificate Request
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ *
* @version $Revision$, $Date$
*/
-public class CertReqInput extends EnrollInput implements IProfileInput {
- public static final String VAL_CERT_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
public static final String VAL_CERT_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -67,7 +64,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -91,19 +88,19 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
String cert_request = ctx.get(VAL_CERT_REQUEST);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (cert_request_type == null) {
- CMS.debug("CertReqInput: populate - invalid cert request type " +
- "");
+ CMS.debug("CertReqInput: populate - invalid cert request type " +
+ "");
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
}
if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
@@ -114,7 +111,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
} else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
@@ -138,7 +135,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
- );
+ );
} else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
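Review bot: In the branch at the top of this hunk, `seqNum` is unboxed in `msgs[seqNum.intValue()]` straight after `request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM)` with no null check, so a request without a sequence number ends in a NullPointerException instead of a profile error. The CMC branch later in this file, and the matching code in CMCCertReqInput and DualKeyGenInput, check first. The same guard fits here: `if (seqNum == null) { throw new EProfileException(CMS.getUserMessage(getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); }`. populate starts outside this hunk, and the blank context lines are not shown, so this reading assumes nothing else sits between the two statements.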
@@ -148,21 +145,21 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
}
// This profile only handle the first request in CRMF
Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
} else {
// error
- CMS.debug("CertReqInput: populate - invalid cert request type " +
- cert_request_type);
+ CMS.debug("CertReqInput: populate - invalid cert request type " +
+ cert_request_type);
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- cert_request_type));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ cert_request_type));
}
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
@@ -176,12 +173,12 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
+ "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
} else if (name.equals(VAL_CERT_REQUEST)) {
return new Descriptor(IDescriptor.CERT_REQUEST, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ"));
+ "CMS_PROFILE_INPUT_CERT_REQ"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
index b887807c..18b9ecf5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -37,26 +36,24 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the dual key generation input.
- * This input populates parameters to the enrollment
- * pages so that a CRMF request containing 2 certificate
+ * This input populates parameters to the enrollment
+ * pages so that a CRMF request containing 2 certificate
* requests will be generated.
* <p>
- *
- * This input can only be used with Netscape 7.x or later
- * clients.
+ *
+ * This input can only be used with Netscape 7.x or later clients.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class DualKeyGenInput extends EnrollInput implements IProfileInput {
+public class DualKeyGenInput extends EnrollInput implements IProfileInput {
- public static final String VAL_KEYGEN_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_KEYGEN_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -69,7 +66,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
}
@@ -92,29 +89,29 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (keygen_request_type == null) {
CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
- "");
+ "");
throw new EProfileException(
CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
}
if (keygen_request_type.startsWith("pkcs10")) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
} else if (keygen_request_type.startsWith("keygen")) {
DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
- mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
} else if (keygen_request_type.startsWith("crmf")) {
CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
@@ -128,20 +125,20 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
// This profile only handle the first request in CRMF
Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
} else {
// error
- CMS.debug("DualKeyGenInput: populate - " +
- "invalid cert request type " + keygen_request_type);
+ CMS.debug("DualKeyGenInput: populate - " +
+ "invalid cert request type " + keygen_request_type);
throw new EProfileException(CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
keygen_request_type));
}
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index 1eaf476b..db394578 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -41,16 +40,15 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the base enrollment input.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollInput implements IProfileInput {
+public abstract class EnrollInput implements IProfileInput {
private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
protected IConfigStore mConfig = null;
protected Vector mValueNames = new Vector();
@@ -58,12 +56,12 @@ public abstract class EnrollInput implements IProfileInput {
protected IProfile mProfile = null;
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
+
/**
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
mProfile = profile;
}
@@ -74,17 +72,17 @@ public abstract class EnrollInput implements IProfileInput {
/**
* Populates the request with this policy default.
- *
+ *
* @param ctx profile context
* @param request request
* @exception EProfileException failed to populate
*/
public abstract void populate(IProfileContext ctx, IRequest request)
- throws EProfileException;
+ throws EProfileException;
/**
* Retrieves the localizable name of this policy.
- *
+ *
* @param locale user locale
* @return localized input name
*/
@@ -92,7 +90,7 @@ public abstract class EnrollInput implements IProfileInput {
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale user locale
* @return localized input description
*/
@@ -101,14 +99,13 @@ public abstract class EnrollInput implements IProfileInput {
/**
* Retrieves the descriptor of the given value
* property by name.
- *
+ *
* @param locale user locale
* @param name property name
* @return descriptor of the property
*/
public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
public void addValueName(String name) {
mValueNames.addElement(name);
}
@@ -129,7 +126,7 @@ public abstract class EnrollInput implements IProfileInput {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -141,7 +138,7 @@ public abstract class EnrollInput implements IProfileInput {
try {
if (mConfig == null) {
return null;
- }
+ }
if (mConfig.getSubStore("params") != null) {
return mConfig.getSubStore("params").getString(name);
}
@@ -155,7 +152,7 @@ public abstract class EnrollInput implements IProfileInput {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return request.getExtDataInString(name);
}
@@ -163,7 +160,7 @@ public abstract class EnrollInput implements IProfileInput {
* Sets the value of the given value parameter by name.
*/
public void setValue(String name, Locale locale, IRequest request,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
request.setExtData(name, value);
}
@@ -181,16 +178,16 @@ public abstract class EnrollInput implements IProfileInput {
return null;
}
- public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
- CMS.debug("EnrollInput ::in verifyPOP");
+ public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
+ throws EProfileException {
+ CMS.debug("EnrollInput ::in verifyPOP");
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- if (!certReqMsg.hasPop()) {
+ if (!certReqMsg.hasPop()) {
CMS.debug("CertReqMsg has not POP, return");
- return;
+ return;
}
ProofOfPossession pop = certReqMsg.getPop();
ProofOfPossession.Type popType = pop.getType();
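Review bot: Two early returns in verifyPOP leave no signed audit record: the `!certReqMsg.hasPop()` return in this hunk and the `cms.skipPOPVerify` return in the next one. Both only call `CMS.debug`, while the verified and failed paths further down call `audit(...)` with `LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION`. A request accepted without proof-of-possession verification is therefore indistinguishable in the audit log from one that was never checked. Whether accepting such requests is intended policy is not visible here, but each return should at least be documented, for example `// NOTE: returns without a signed audit event; POP was not verified`. Better still, each should emit an audit message stating that verification was skipped. The body of verifyPOP continues past this hunk.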
@@ -202,8 +199,8 @@ public abstract class EnrollInput implements IProfileInput {
try {
if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
- CMS.debug("skipPOPVerify on, return");
- return;
+ CMS.debug("skipPOPVerify on, return");
+ return;
}
CMS.debug("POP verification begins:");
CryptoManager cm = CryptoManager.getInstance();
@@ -214,42 +211,42 @@ public abstract class EnrollInput implements IProfileInput {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
- CMS.debug("POP verification using token:"+ tokenName);
+ CMS.debug("POP verification using token:" + tokenName);
verifyToken = cm.getTokenByName(tokenName);
certReqMsg.verify(verifyToken);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS);
+ audit(auditMessage);
} catch (Exception e) {
- CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug("Failed POP verify! " + e.toString());
CMS.debug(e);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EProfileException(CMS.getUserMessage(locale,
+ throw new EProfileException(CMS.getUserMessage(locale,
"CMS_POP_VERIFICATION_ERROR"));
}
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -261,20 +258,20 @@ public abstract class EnrollInput implements IProfileInput {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
index 70ede1e2..41a0ff1f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.io.BufferedInputStream;
import java.net.URL;
import java.net.URLConnection;
@@ -34,15 +33,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the image
* input that collects a picture.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class FileSigningInput extends EnrollInput implements IProfileInput {
+public class FileSigningInput extends EnrollInput implements IProfileInput {
public static final String URL = "file_signing_url";
public static final String TEXT = "file_signing_text";
@@ -59,7 +57,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -77,13 +75,12 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
}
- public String toHexString(byte data[])
- {
+ public String toHexString(byte data[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < data.length; i++) {
int v = data[i] & 0xff;
if (v <= 9) {
- sb.append("0");
+ sb.append("0");
}
sb.append(Integer.toHexString(v));
}
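Review bot: The padding test `if (v <= 9)` in toHexString covers only 0x00 to 0x09, so bytes 0x0a to 0x0f are written as a single hex digit. The resulting string then varies in length and is ambiguous, since the bytes 0x0a, 0x0b and the single byte 0xab all print as `ab`. That matters because the hunk that follows stores this output as the file digest. The condition should be `if (v < 0x10) {`. The end of the method lies outside the hunk.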
@@ -94,36 +91,36 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(TEXT, ctx.get(TEXT));
request.setExtData(URL, ctx.get(URL));
request.setExtData(DIGEST_TYPE, "SHA256");
-
+
try {
- // retrieve file and calculate the hash
- URL url = new URL(ctx.get(URL));
- URLConnection c = url.openConnection();
- c.setAllowUserInteraction(false);
- c.setDoInput(true);
- c.setDoOutput(false);
- c.setUseCaches(false);
- c.connect();
- int len = c.getContentLength();
- request.setExtData(SIZE, Integer.toString(len));
- BufferedInputStream is = new BufferedInputStream(c.getInputStream());
- byte data[] = new byte[len];
- is.read(data, 0, len);
- is.close();
+ // retrieve file and calculate the hash
+ URL url = new URL(ctx.get(URL));
+ URLConnection c = url.openConnection();
+ c.setAllowUserInteraction(false);
+ c.setDoInput(true);
+ c.setDoOutput(false);
+ c.setUseCaches(false);
+ c.connect();
+ int len = c.getContentLength();
+ request.setExtData(SIZE, Integer.toString(len));
+ BufferedInputStream is = new BufferedInputStream(c.getInputStream());
+ byte data[] = new byte[len];
+ is.read(data, 0, len);
+ is.close();
- // calculate digest
- MessageDigest digester = MessageDigest.getInstance("SHA256");
- byte digest[] = digester.digest(data);
- request.setExtData(DIGEST, toHexString(digest));
- } catch (Exception e) {
- CMS.debug("FileSigningInput populate failure " + e);
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_FILE_NOT_FOUND"));
+ // calculate digest
+ MessageDigest digester = MessageDigest.getInstance("SHA256");
+ byte digest[] = digester.digest(data);
+ request.setExtData(DIGEST, toHexString(digest));
+ } catch (Exception e) {
+ CMS.debug("FileSigningInput populate failure " + e);
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_FILE_NOT_FOUND"));
}
}
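Review bot: The buffer is sized from `c.getContentLength()` and filled with a single `is.read(data, 0, len)`, which is unsafe in three ways. The length is -1 when the server sends no Content-Length, a large advertised length drives the allocation, and one `read` may return fewer bytes than requested, so the SHA256 digest can cover a partly zero-filled array rather than the file. The stream is also not closed if `read` throws. Since the URL comes from `ctx.get(URL)`, restricting the accepted schemes and hosts before `openConnection()` would be worth adding too. The sketch below streams the body through the digest with a cap and records the number of bytes actually read; `MAX_SIGNED_FILE_SIZE` is a placeholder the project would have to define.

```java
// … unchanged: setExtData for TEXT, URL, DIGEST_TYPE; URLConnection setup and connect() …
MessageDigest digester = MessageDigest.getInstance("SHA256");
BufferedInputStream is = new BufferedInputStream(c.getInputStream());
long total = 0;
try {
    byte buf[] = new byte[8192];
    int n;
    while ((n = is.read(buf, 0, buf.length)) != -1) {
        total += n;
        if (total > MAX_SIGNED_FILE_SIZE) { // placeholder limit, not defined in this file
            throw new java.io.IOException("file exceeds size limit");
        }
        digester.update(buf, 0, n);
    }
} finally {
    is.close();
}
request.setExtData(SIZE, Long.toString(total));
request.setExtData(DIGEST, toHexString(digester.digest()));
// … unchanged: catch block mapping failures to CMS_PROFILE_FILE_NOT_FOUND …
```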
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
index 5aa85e0e..029e497f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements a generic input.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class GenericInput extends EnrollInput implements IProfileInput {
+public class GenericInput extends EnrollInput implements IProfileInput {
public static final String CONFIG_NUM = "gi_num";
public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
@@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
public static final int DEF_NUM = 5;
public GenericInput() {
- int num = getNum();
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_PARAM_NAME + i);
- addConfigName(CONFIG_DISPLAY_NAME + i);
- addConfigName(CONFIG_ENABLE + i);
- }
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ addConfigName(CONFIG_PARAM_NAME + i);
+ addConfigName(CONFIG_DISPLAY_NAME + i);
+ addConfigName(CONFIG_ENABLE + i);
+ }
}
protected int getNum() {
@@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -97,48 +95,48 @@ public class GenericInput extends EnrollInput implements IProfileInput {
* Returns selected value names based on the configuration.
*/
public Enumeration getValueNames() {
- Vector v = new Vector();
- int num = getNum();
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- v.addElement(getConfig(CONFIG_PARAM_NAME + i));
- }
- }
- return v.elements();
+ Vector v = new Vector();
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
+ v.addElement(getConfig(CONFIG_PARAM_NAME + i));
+ }
+ }
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
int num = getNum();
for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
- if (enable != null && enable.equals("true")) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
String param = getConfig(CONFIG_PARAM_NAME + i);
request.setExtData(param, ctx.get(param));
- }
+ }
}
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
int num = getNum();
for (int i = 0; i < num; i++) {
- if (name.equals(CONFIG_PARAM_NAME + i)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
- } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
- } else if (name.equals(CONFIG_ENABLE + i)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
- }
+ if (name.equals(CONFIG_PARAM_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
+ } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
+ } else if (name.equals(CONFIG_ENABLE + i)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
+ }
} // for
return null;
}
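Review bot: In `populate`, `param` is passed to `request.setExtData(param, ctx.get(param))` without a null check, although `getValueDescriptor` in this same file guards the identical `getConfig(CONFIG_PARAM_NAME + i)` lookup with `param != null`. If a slot has its enable flag set to "true" but no parameter name configured, the request would presumably receive a null key, and `getValueNames` would add a null element the same way. Adding `if (param == null) continue;` before the `setExtData` call, and the matching guard before `v.addElement(...)`, keeps a half-configured slot out of the request.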
@@ -150,12 +148,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
public IDescriptor getValueDescriptor(Locale locale, String name) {
int num = getNum();
for (int i = 0; i < num; i++) {
- String param = getConfig(CONFIG_PARAM_NAME + i);
- if (param != null && param.equals(name)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- getConfig(CONFIG_DISPLAY_NAME + i));
- }
+ String param = getConfig(CONFIG_PARAM_NAME + i);
+ if (param != null && param.equals(name)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ getConfig(CONFIG_DISPLAY_NAME + i));
+ }
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
index 265b958d..30570b56 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the image
* input that collects a picture.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class ImageInput extends EnrollInput implements IProfileInput {
+public class ImageInput extends EnrollInput implements IProfileInput {
public static final String IMAGE_URL = "image_url";
@@ -50,7 +48,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -72,7 +70,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
index 00c0ffcf..c2b3cf0d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -38,25 +37,23 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the key generation input that
* populates parameters to the enrollment page for
* key generation.
* <p>
- *
- * This input normally is used with user-based or
- * non certificate request profile.
+ *
+ * This input normally is used with user-based or non certificate request profile.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class KeyGenInput extends EnrollInput implements IProfileInput {
+public class KeyGenInput extends EnrollInput implements IProfileInput {
- public static final String VAL_KEYGEN_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_KEYGEN_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -69,7 +66,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
}
@@ -92,20 +89,20 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (keygen_request_type == null) {
CMS.debug("KeyGenInput: populate - invalid cert request type " +
- "");
+ "");
throw new EProfileException(
CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
}
if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
@@ -115,7 +112,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
} else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
@@ -124,7 +121,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
} else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
@@ -149,17 +146,17 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
// This profile only handle the first request in CRMF
Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
} else {
// error
CMS.debug("DualKeyGenInput: populate - " +
- "invalid cert request type " + keygen_request_type);
+ "invalid cert request type " + keygen_request_type);
throw new EProfileException(CMS.getUserMessage(
getLocale(request),
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
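Review bot: `msgs[seqNum.intValue()]` indexes the parsed CRMF array with a value read from the request, and only the null case is checked. A negative or too-large sequence number would surface as an ArrayIndexOutOfBoundsException rather than the EProfileException this method declares; whether the requester can influence the value is not visible in this hunk. A bounds guard beside the null check covers it: `if (seqNum == null || seqNum.intValue() < 0 || seqNum.intValue() >= msgs.length) {`. Separately, the debug message in the final else branch is labelled `DualKeyGenInput` although this class is KeyGenInput, which misdirects log triage. `populate` starts and ends outside this hunk.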
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
index dce75c15..542a2c94 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the serial number input
* for renewal
* <p>
- *
- * @author Christina Fu
+ *
+ * @author Christina Fu
*/
-public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
+public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
public static final String SERIAL_NUM = "serial_num";
@@ -50,7 +48,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -72,7 +70,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
//
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
index 4a8f6050..a12351f8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This plugin accepts subject DN from end user.
*/
-public class SubjectDNInput extends EnrollInput implements IProfileInput {
+public class SubjectDNInput extends EnrollInput implements IProfileInput {
public static final String VAL_SUBJECT = "subject";
@@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -70,37 +68,36 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
}
-
public String getConfig(String name) {
- String config = super.getConfig(name);
- if (config == null || config.equals(""))
- return "true";
- return config;
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
}
/**
* Returns selected value names based on the configuration.
*/
public Enumeration<String> getValueNames() {
- Vector<String> v = new Vector<String>();
- v.addElement(VAL_SUBJECT);
- return v.elements();
+ Vector<String> v = new Vector<String>();
+ v.addElement(VAL_SUBJECT);
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
String subjectName = "";
subjectName = ctx.get(VAL_SUBJECT);
if (subjectName.equals("")) {
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name name = null;
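Review bot: `subjectName.equals("")` throws a NullPointerException when the profile context carries no `subject` value, because the result of `ctx.get(VAL_SUBJECT)` is dereferenced unchecked. Other inputs in this commit (nsNKeyCertReqInput, for example) treat a null from `ctx.get` as a missing field and raise EProfileException. Changing the test to `if (subjectName == null || subjectName.equals("")) {` gives the caller the intended CMS_PROFILE_SUBJECT_NAME_NOT_FOUND error, and the preceding `String subjectName = "";` initialiser then becomes redundant. `populate` continues past the end of this hunk.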
@@ -108,10 +105,10 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
name = new X500Name(subjectName);
} catch (Exception e) {
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
}
- parseSubjectName(name, info, request);
+ parseSubjectName(name, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
@@ -133,13 +130,13 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
}
protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
- throws EProfileException {
+ throws EProfileException {
try {
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subj));
} catch (Exception e) {
- CMS.debug("SubjectNameInput: parseSubject Name " +
- e.toString());
+ CMS.debug("SubjectNameInput: parseSubject Name " +
+ e.toString());
}
}
}
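Review bot: The catch block in `parseSubjectName` only writes a debug line, so a failure to build the CertificateSubjectName is swallowed and `populate` goes on to store the cert info as if the subject name had been recorded. The method already declares `throws EProfileException`; rethrowing, e.g. `throw new EProfileException(CMS.getUserMessage(getLocale(req), "CMS_PROFILE_INVALID_SUBJECT_NAME", subj.toString()));`, would stop the request instead of letting it continue without a subject. The log prefix also reads `SubjectNameInput` inside SubjectDNInput. The same catch block appears in SubjectNameInput.parseSubjectName later in this diff.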
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
index 15f906f9..55ede138 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the subject name input
* that populates text fields to the enrollment
* page so that distinguished name parameters
* can be collected from the user.
* <p>
- * The collected parameters could be used for
- * fomulating the subject name in the certificate.
+ * The collected parameters could be used for fomulating the subject name in the certificate.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class SubjectNameInput extends EnrollInput implements IProfileInput {
+public class SubjectNameInput extends EnrollInput implements IProfileInput {
public static final String CONFIG_UID = "sn_uid";
public static final String CONFIG_EMAIL = "sn_e";
@@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -106,101 +103,100 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
}
-
public String getConfig(String name) {
- String config = super.getConfig(name);
- if (config == null || config.equals(""))
- return "true";
- return config;
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
}
/**
* Returns selected value names based on the configuration.
*/
public Enumeration getValueNames() {
- Vector v = new Vector();
- String c_uid = getConfig(CONFIG_UID);
- if (c_uid == null || c_uid.equals("")) {
- v.addElement(VAL_UID); // default case
- } else {
- if (c_uid.equals("true")) {
- v.addElement(VAL_UID);
- }
- }
- String c_email = getConfig(CONFIG_EMAIL);
- if (c_email == null || c_email.equals("")) {
- v.addElement(VAL_EMAIL);
- } else {
- if (c_email.equals("true")) {
- v.addElement(VAL_EMAIL);
- }
- }
- String c_cn = getConfig(CONFIG_CN);
- if (c_cn == null || c_cn.equals("")) {
- v.addElement(VAL_CN);
- } else {
- if (c_cn.equals("true")) {
- v.addElement(VAL_CN);
- }
- }
- String c_ou3 = getConfig(CONFIG_OU3);
- if (c_ou3 == null || c_ou3.equals("")) {
- v.addElement(VAL_OU3);
- } else {
- if (c_ou3.equals("true")) {
- v.addElement(VAL_OU3);
- }
- }
- String c_ou2 = getConfig(CONFIG_OU2);
- if (c_ou2 == null || c_ou2.equals("")) {
- v.addElement(VAL_OU2);
- } else {
- if (c_ou2.equals("true")) {
- v.addElement(VAL_OU2);
- }
- }
- String c_ou1 = getConfig(CONFIG_OU1);
- if (c_ou1 == null || c_ou1.equals("")) {
- v.addElement(VAL_OU1);
- } else {
- if (c_ou1.equals("true")) {
- v.addElement(VAL_OU1);
- }
- }
- String c_ou = getConfig(CONFIG_OU);
- if (c_ou == null || c_ou.equals("")) {
- v.addElement(VAL_OU);
- } else {
- if (c_ou.equals("true")) {
- v.addElement(VAL_OU);
- }
- }
- String c_o = getConfig(CONFIG_O);
- if (c_o == null || c_o.equals("")) {
- v.addElement(VAL_O);
- } else {
- if (c_o.equals("true")) {
- v.addElement(VAL_O);
- }
- }
- String c_c = getConfig(CONFIG_C);
- if (c_c == null || c_c.equals("")) {
- v.addElement(VAL_C);
- } else {
- if (c_c.equals("true")) {
- v.addElement(VAL_C);
- }
- }
- return v.elements();
+ Vector v = new Vector();
+ String c_uid = getConfig(CONFIG_UID);
+ if (c_uid == null || c_uid.equals("")) {
+ v.addElement(VAL_UID); // default case
+ } else {
+ if (c_uid.equals("true")) {
+ v.addElement(VAL_UID);
+ }
+ }
+ String c_email = getConfig(CONFIG_EMAIL);
+ if (c_email == null || c_email.equals("")) {
+ v.addElement(VAL_EMAIL);
+ } else {
+ if (c_email.equals("true")) {
+ v.addElement(VAL_EMAIL);
+ }
+ }
+ String c_cn = getConfig(CONFIG_CN);
+ if (c_cn == null || c_cn.equals("")) {
+ v.addElement(VAL_CN);
+ } else {
+ if (c_cn.equals("true")) {
+ v.addElement(VAL_CN);
+ }
+ }
+ String c_ou3 = getConfig(CONFIG_OU3);
+ if (c_ou3 == null || c_ou3.equals("")) {
+ v.addElement(VAL_OU3);
+ } else {
+ if (c_ou3.equals("true")) {
+ v.addElement(VAL_OU3);
+ }
+ }
+ String c_ou2 = getConfig(CONFIG_OU2);
+ if (c_ou2 == null || c_ou2.equals("")) {
+ v.addElement(VAL_OU2);
+ } else {
+ if (c_ou2.equals("true")) {
+ v.addElement(VAL_OU2);
+ }
+ }
+ String c_ou1 = getConfig(CONFIG_OU1);
+ if (c_ou1 == null || c_ou1.equals("")) {
+ v.addElement(VAL_OU1);
+ } else {
+ if (c_ou1.equals("true")) {
+ v.addElement(VAL_OU1);
+ }
+ }
+ String c_ou = getConfig(CONFIG_OU);
+ if (c_ou == null || c_ou.equals("")) {
+ v.addElement(VAL_OU);
+ } else {
+ if (c_ou.equals("true")) {
+ v.addElement(VAL_OU);
+ }
+ }
+ String c_o = getConfig(CONFIG_O);
+ if (c_o == null || c_o.equals("")) {
+ v.addElement(VAL_O);
+ } else {
+ if (c_o.equals("true")) {
+ v.addElement(VAL_O);
+ }
+ }
+ String c_c = getConfig(CONFIG_C);
+ if (c_c == null || c_c.equals("")) {
+ v.addElement(VAL_C);
+ } else {
+ if (c_c.equals("true")) {
+ v.addElement(VAL_C);
+ }
+ }
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
String subjectName = "";
String uid = ctx.get(VAL_UID);
@@ -270,8 +266,8 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
}
if (subjectName.equals("")) {
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name name = null;
@@ -279,10 +275,10 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
name = new X500Name(subjectName);
} catch (Exception e) {
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
}
- parseSubjectName(name, info, request);
+ parseSubjectName(name, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
@@ -374,13 +370,13 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
}
protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
- throws EProfileException {
+ throws EProfileException {
try {
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subj));
} catch (Exception e) {
- CMS.debug("SubjectNameInput: parseSubject Name " +
- e.toString());
+ CMS.debug("SubjectNameInput: parseSubject Name " +
+ e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
index 52df2d41..984706f4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,16 +29,15 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the submitter information
- * input that collects certificate requestor's
+ * input that collects certificate requestor's
* information such as name, email and phone.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
+public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
public static final String NAME = "requestor_name";
public static final String EMAIL = "requestor_email";
@@ -55,7 +53,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -77,7 +75,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
//
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
index 64988fed..3c606789 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the certificate request input from TPS.
* This input populates 2 main fields to the enrollment "page":
* 1/ token cuid, 2/ publickey
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests coming from TPS.
+ *
* @version $Revision$, $Date$
*/
-public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
+public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
public static final String VAL_TOKEN_CUID = "tokencuid";
public static final String VAL_PUBLIC_KEY = "publickey";
@@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -80,66 +77,65 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
}
- /*
- * Pretty print token cuid
- */
- public String toPrettyPrint(String cuid)
- {
- if (cuid == null)
- return null;
-
- if (cuid.length() != 20)
- return null;
-
- StringBuffer sb = new StringBuffer();
- for (int i=0; i < cuid.length(); i++) {
- if (i == 4 || i == 8 || i == 12 || i == 16) {
- sb.append("-");
- }
- sb.append(cuid.charAt(i));
- }
- return sb.toString();
- }
+ /*
+ * Pretty print token cuid
+ */
+ public String toPrettyPrint(String cuid) {
+ if (cuid == null)
+ return null;
+
+ if (cuid.length() != 20)
+ return null;
+
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < cuid.length(); i++) {
+ if (i == 4 || i == 8 || i == 12 || i == 16) {
+ sb.append("-");
+ }
+ sb.append(cuid.charAt(i));
+ }
+ return sb.toString();
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String tcuid = ctx.get(VAL_TOKEN_CUID);
- // pretty print tcuid
- String prettyPrintCuid = toPrettyPrint(tcuid);
- if (prettyPrintCuid == null) {
+ // pretty print tcuid
+ String prettyPrintCuid = toPrettyPrint(tcuid);
+ if (prettyPrintCuid == null) {
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
- ""));
- }
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+ ""));
+ }
- request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
+ request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
String pk = ctx.get(VAL_PUBLIC_KEY);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (tcuid == null) {
- CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
- "");
+ CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
+ "");
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
- ""));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+ ""));
}
if (pk == null) {
- CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
- "");
+ CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
+ "");
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
- ""));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+ ""));
}
- mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
+ mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
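Review bot: The `if (tcuid == null)` branch in `populate` cannot be reached, because `toPrettyPrint` returns null for a null CUID and the check directly above it has already thrown. The request is also modified (`pretty_print_tokencuid`) before the public key is checked, so a request rejected for a missing key still carries the CUID field. Moving both null checks ahead of the first `setExtData` call and dropping the duplicate keeps validation in one place and leaves the request untouched on failure. `toPrettyPrint` accepts any 20-character string; if the CUID is expected to use a fixed alphabet, that is not enforced here.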
@@ -152,12 +148,12 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
} else if (name.equals(VAL_PUBLIC_KEY)) {
return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
index 58984c6c..19679868 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the certificate request input from TPS.
* This input populates 2 main fields to the enrollment "page":
* 1/ id, 2/ publickey
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests coming from TPS.
+ *
* @version $Revision$, $Date$
*/
-public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
+public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
public static final String VAL_SN = "screenname";
public static final String VAL_PUBLIC_KEY = "publickey";
@@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -84,30 +81,30 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String sn = ctx.get(VAL_SN);
String pk = ctx.get(VAL_PUBLIC_KEY);
X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (sn == null) {
- CMS.debug("nsNKeyCertReqInput: populate - id not found " +
- "");
+ CMS.debug("nsNKeyCertReqInput: populate - id not found " +
+ "");
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_ID",
- ""));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_ID",
+ ""));
}
if (pk == null) {
- CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
- "");
+ CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
+ "");
throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
- ""));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+ ""));
}
- mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
+ mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
@@ -120,12 +117,12 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
} else if (name.equals(VAL_PUBLIC_KEY)) {
return new Descriptor(IDescriptor.STRING, null,
null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
index 999bdc67..2253460b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.io.ByteArrayOutputStream;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the output plugin that outputs
* CMMF response for the issued certificate.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMMFOutput extends EnrollOutput implements IProfileOutput {
+public class CMMFOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_CMMF_RESPONSE = "cmmf_response";
@@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -88,7 +86,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -99,61 +97,61 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
if (name.equals(VAL_PRETTY_CERT)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_CMMF_RESPONSE)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CMMF_B64"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CMMF_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
X509CertImpl cert = request.getExtDataInCert(
EnrollProfile.REQUEST_ISSUED_CERT);
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_CMMF_RESPONSE)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
-
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- CertificateChain cachain = ca.getCACertChain();
- X509Certificate[] cacerts = cachain.getChain();
-
- byte[][] caPubs = new byte[cacerts.length][];
-
- for (int j = 0; j < cacerts.length; j++) {
- caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
- }
-
- CertRepContent certRepContent = null;
- certRepContent = new CertRepContent(caPubs);
-
- PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
- CertResponse resp =
- new CertResponse(new INTEGER(request.getRequestId().toString()),
- status, certifiedKP);
- certRepContent.addCertResponse(resp);
-
- ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
- certRepContent.encode(certRepOut);
- byte[] certRepBytes = certRepOut.toByteArray();
-
- return CMS.BtoA(certRepBytes);
+ X509CertImpl cert = request.getExtDataInCert(
+ EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem("ca");
+ CertificateChain cachain = ca.getCACertChain();
+ X509Certificate[] cacerts = cachain.getChain();
+
+ byte[][] caPubs = new byte[cacerts.length][];
+
+ for (int j = 0; j < cacerts.length; j++) {
+ caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
+ }
+
+ CertRepContent certRepContent = null;
+ certRepContent = new CertRepContent(caPubs);
+
+ PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
+ CertifiedKeyPair certifiedKP =
+ new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
+ CertResponse resp =
+ new CertResponse(new INTEGER(request.getRequestId().toString()),
+ status, certifiedKP);
+ certRepContent.addCertResponse(resp);
+
+ ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
+ certRepContent.encode(certRepOut);
+ byte[] certRepBytes = certRepOut.toByteArray();
+
+ return CMS.BtoA(certRepBytes);
} catch (Exception e) {
- return null;
+ return null;
}
} else {
return null;
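Review bot: The `VAL_PRETTY_CERT` branch of `getValue` passes `cert` to `CMS.getCertPrettyPrint(cert)` without the `if (cert == null) return null;` guard that the `VAL_CMMF_RESPONSE` branch below it applies, and that `CertOutput` and `PKCS7Output` apply in their pretty-print branches; the same guard belongs here. Separately, `catch (Exception e) { return null; }` discards every encoding or CA-chain failure without a trace, so a failed CMMF response looks the same as a request with no issued certificate. A line such as `CMS.debug("CMMFOutput: getValue " + e.toString());` before the return would keep the cause. The same silent catch is in `PKCS7Output.getValue` and `nsNKeyOutput.getValue`, which return `""` rather than `null`. `getValue` continues past the end of this hunk.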
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
index 7a2631da..1293c055 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Locale;
import netscape.security.x509.X509CertImpl;
@@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the pretty print certificate output
* that displays the issued certificate in a pretty print format.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CertOutput extends EnrollOutput implements IProfileOutput {
+public class CertOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_B64_CERT = "b64_cert";
@@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -76,7 +74,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -87,25 +85,25 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
if (name.equals(VAL_PRETTY_CERT)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_B64_CERT)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_B64"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
X509CertImpl cert = request.getExtDataInCert(
EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
return null;
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_B64_CERT)) {
@@ -113,7 +111,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
return null;
- return CMS.getEncodedCert(cert);
+ return CMS.getEncodedCert(cert);
} else {
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
index 5e3f077b..25a4b490 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the basic enrollment output.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollOutput implements IProfileOutput {
+public abstract class EnrollOutput implements IProfileOutput {
private IConfigStore mConfig = null;
private Vector<String> mValueNames = new Vector<String>();
protected Vector<String> mConfigNames = new Vector<String>();
-
+
/**
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -60,28 +58,27 @@ public abstract class EnrollOutput implements IProfileOutput {
/**
* Populates the request with this policy default.
- *
+ *
* @param ctx profile context
* @param request request
* @exception EProfileException failed to populate
*/
public abstract void populate(IProfileContext ctx, IRequest request)
- throws EProfileException;
+ throws EProfileException;
/**
* Retrieves the descriptor of the given value
* parameter by name.
- *
+ *
* @param locale user locale
* @param name property name
* @return property descriptor
*/
public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
/**
* Retrieves the localizable name of this policy.
- *
+ *
* @param locale user locale
* @return output policy name
*/
@@ -89,7 +86,7 @@ public abstract class EnrollOutput implements IProfileOutput {
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale user locale
* @return output policy description
*/
@@ -103,7 +100,7 @@ public abstract class EnrollOutput implements IProfileOutput {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return request.getExtDataInString(name);
}
@@ -111,7 +108,7 @@ public abstract class EnrollOutput implements IProfileOutput {
* Sets the value of the given value parameter by name.
*/
public void setValue(String name, Locale locale, IRequest request,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
request.setExtData(name, value);
}
@@ -124,7 +121,7 @@ public abstract class EnrollOutput implements IProfileOutput {
}
public void setConfig(String name, String value)
- throws EPropertyException {
+ throws EPropertyException {
}
public String getConfig(String name) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
index 65718481..0e01e15d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.io.ByteArrayOutputStream;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the output plugin that outputs
* PKCS7 for the issued certificate.
- *
+ *
* @version $Revision$, $Date$
*/
-public class PKCS7Output extends EnrollOutput implements IProfileOutput {
+public class PKCS7Output extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_PKCS7 = "pkcs7";
@@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -85,7 +83,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -96,61 +94,61 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
if (name.equals(VAL_PRETTY_CERT)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_PKCS7)) {
return new Descriptor(IDescriptor.PRETTY_PRINT, null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_PKCS7_B64"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_PKCS7_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
X509CertImpl cert = request.getExtDataInCert(
EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
- return null;
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ return null;
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_PKCS7)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
-
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- CertificateChain cachain = ca.getCACertChain();
- X509Certificate[] cacerts = cachain.getChain();
-
- X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
- int m = 1, n = 0;
-
- for (; n < cacerts.length; m++, n++) {
- userChain[m] = (X509CertImpl) cacerts[n];
- }
-
- userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- userChain,
- new SignerInfo[0]);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
- p7.encodeSignedData(bos);
- byte[] p7Bytes = bos.toByteArray();
- String p7Str = CMS.BtoA(p7Bytes);
-
- return p7Str;
+ X509CertImpl cert = request.getExtDataInCert(
+ EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem("ca");
+ CertificateChain cachain = ca.getCACertChain();
+ X509Certificate[] cacerts = cachain.getChain();
+
+ X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
+ int m = 1, n = 0;
+
+ for (; n < cacerts.length; m++, n++) {
+ userChain[m] = (X509CertImpl) cacerts[n];
+ }
+
+ userChain[0] = cert;
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]),
+ userChain,
+ new SignerInfo[0]);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ p7.encodeSignedData(bos);
+ byte[] p7Bytes = bos.toByteArray();
+ String p7Str = CMS.BtoA(p7Bytes);
+
+ return p7Str;
} catch (Exception e) {
- return "";
+ return "";
}
} else {
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
index 90aa40a1..6bf03f43 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Locale;
import netscape.security.x509.X509CertImpl;
@@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the output plugin that outputs
* DER for the issued certificate for token keys
- *
+ *
* @version $Revision$, $Date$
*/
-public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
+public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_DER = "der";
@@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -74,7 +72,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -85,24 +83,24 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
if (name.equals(VAL_DER)) {
return new Descriptor("der_b64", null,
null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_DER_B64"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_DER_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_DER)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
- return CMS.BtoA(cert.getEncoded());
+ X509CertImpl cert = request.getExtDataInCert(
+ EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+ return CMS.BtoA(cert.getEncoded());
} catch (Exception e) {
- return "";
+ return "";
}
} else {
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 69803421..928e36c2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -58,7 +58,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
private Vector mValueNames = new Vector();
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
@@ -67,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public SubsystemGroupUpdater() {
}
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
mConfig = config;
mProfile = profile;
mEnrollProfile = (EnrollProfile) profile;
@@ -82,8 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return null;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value)
+ throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -108,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return mConfig;
}
- public void update(IRequest req, RequestStatus status)
- throws EProfileException {
+ public void update(IRequest req, RequestStatus status)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -124,33 +124,34 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return;
IConfigStore mainConfig = CMS.getConfigStore();
-
- int num=0;
+
+ int num = 0;
try {
num = mainConfig.getInteger("subsystem.count", 0);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String requestor_name = "subsystem";
try {
- requestor_name = req.getExtDataInString("requestor_name");
+ requestor_name = req.getExtDataInString("requestor_name");
} catch (Exception e1) {
- // ignore
+ // ignore
}
// i.e. tps-1.2.3.4-4
String id = requestor_name;
-
+
num++;
mainConfig.putInteger("subsystem.count", num);
-
+
try {
mainConfig.commit(false);
} catch (Exception e) {
}
String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ id +
+ "+Resource;;" + id +
"+fullname;;" + id +
"+state;;1" +
"+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
@@ -196,8 +197,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
}
auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ id +
- "+cert;;"+ b64;
+ "+Resource;;" + id +
+ "+cert;;" + b64;
system.addUserCert(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
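Review bot: `auditParams` is built by plain concatenation of `id` and `b64` into a string whose structure is carried by `;;` and `+`, so a value containing either sequence changes how the signed audit record reads. `id` is copied from the request's `requestor_name` in the previous hunk, which builds its own `auditParams` the same way, and `b64` can itself contain `+` if it is standard Base64 as the name suggests. Validate `id` before it is used, for example `if (id == null || id.indexOf(";;") >= 0 || id.indexOf('+') >= 0) throw new EProfileException("invalid requestor_name");`, and confirm how the audit reader treats `+` inside the `cert` value. `update` starts before and ends after this hunk.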
@@ -216,7 +217,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
ILogger.FAILURE,
auditParams);
audit(auditMessage);
- throw new EProfileException(e.toString());
+ throw new EProfileException(e.toString());
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
@@ -232,17 +233,17 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
IGroup group = null;
String groupName = "Subsystem Group";
auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ groupName;
+ "+Resource;;" + groupName;
try {
group = system.getGroupFromName(groupName);
-
+
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -287,10 +288,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
private String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
index aea489e3..e76571db 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -49,7 +48,6 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
@@ -60,13 +58,15 @@ import com.netscape.certsrv.request.IRequest;
* subject name, extension or request attributes.
* <p>
*
- * The syntax is
+ * The syntax is
+ *
* <pre>
* avaPattern := constant-value |
* "$subj" "." attrName [ "." attrNumber ] |
* "$req" "." [ prefix .] attrName [ "." attrNumber ] |
- * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
* </pre>
+ *
* <pre>
* Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
* cert subjectAltName is rfc822Name: jjames@mcom.com
@@ -77,9 +77,9 @@ import com.netscape.certsrv.request.IRequest;
* The first rfc822name value in the subjAltName extension. <br>
* <p>
* </pre>
- * If a request attribute or subject DN component does not exist,
- * the attribute is skipped.
- *
+ *
+ * If a request attribute or subject DN component does not exist, the attribute is skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
@@ -101,12 +101,12 @@ class AVAPattern {
"EDIName",
"URIName",
"IPAddress",
- "OIDName"};
+ "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter =
+ new LdapV3DNStrConverter();
/* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
@@ -140,7 +140,7 @@ class AVAPattern {
/////////////
public AVAPattern(String component)
- throws ELdapException {
+ throws ELdapException {
if (component == null || component.length() == 0) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
}
@@ -148,13 +148,13 @@ class AVAPattern {
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws ELdapException {
+ public AVAPattern(PushbackReader in)
+ throws ELdapException {
parse(in);
}
private void parse(PushbackReader in)
- throws ELdapException {
+ throws ELdapException {
int c;
// skip spaces
@@ -169,7 +169,7 @@ class AVAPattern {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1) {
+ if (c == -1) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
@@ -189,9 +189,9 @@ class AVAPattern {
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.') {
+ if (in.read() != 'e' ||
+ in.read() != 'q' ||
+ in.read() != '.') {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $req in ava pattern"));
}
@@ -204,10 +204,10 @@ class AVAPattern {
//System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.') {
+ if (in.read() != 'u' ||
+ in.read() != 'b' ||
+ in.read() != 'j' ||
+ in.read() != '.') {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $subj in ava pattern"));
}
@@ -220,9 +220,9 @@ class AVAPattern {
//System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.') {
+ if (in.read() != 'x' ||
+ in.read() != 't' ||
+ in.read() != '.') {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $ext in ava pattern"));
}
@@ -235,7 +235,7 @@ class AVAPattern {
//System.out.println("----- mtype $ext");
} else {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ "unknown keyword. expecting $subj $ext or $req."));
}
// get request attribute or
@@ -245,14 +245,14 @@ class AVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
+ while ((c = in.read()) != ',' &&
+ c != -1 && c != '.' && c != '+') {
//System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
throw new ELdapException(
@@ -260,7 +260,7 @@ class AVAPattern {
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0) {
+ if (mValue.length() == 0) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"$subj $ext or $req attribute name expected"));
}
@@ -272,13 +272,13 @@ class AVAPattern {
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
+ && c != '+') {
//System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
if (c == ',' || c == '+') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
throw new ELdapException(
@@ -304,7 +304,7 @@ class AVAPattern {
} else {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"Invalid format in nth element " +
- "$req $ext or $subj"));
+ "$req $ext or $subj"));
}
// get nth request attribute .
@@ -313,14 +313,14 @@ class AVAPattern {
try {
while ((c = in.read()) != ',' &&
- c != -1 && c != '+') {
+ c != -1 && c != '+') {
//System.out.println("mElement read "+
// (char)c);
attrNumberBuf1.append((char) c);
}
- if (c != -1) { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c != -1) { // either ',' or '+'
+ in.unread(c); // pushback last , or +
}
} catch (IOException ex) {
throw new ELdapException(
@@ -328,18 +328,18 @@ class AVAPattern {
}
String attrNumber1 =
- attrNumberBuf1.toString().trim();
+ attrNumberBuf1.toString().trim();
if (attrNumber1.length() == 0) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected"));
}
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"Invalid format in nth element " +
- "$req or $ext."));
+ "$req or $ext."));
}
}
}
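Review bot: `mElement = Integer.parseInt(attrNumber1) - 1;` accepts `0` and negative numbers, so a pattern ending in `.0` yields `mElement == -1` without a syntax error. How `formAVA` treats a negative index is not fully visible here, but the comparison `++nFound == mElement` in the `$subj` branch suggests such a pattern would never match rather than be reported as invalid. Rejecting it at parse time keeps a misconfigured mapper from failing silently: `if (mElement < 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid format in nth element $req or $ext."));`. `parse` begins before and continues after this hunk.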
@@ -361,7 +361,7 @@ class AVAPattern {
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
throw new ELdapException(
@@ -383,9 +383,9 @@ class AVAPattern {
}
public String formAVA(IRequest req,
- X500Name subject,
- CertificateExtensions extensions)
- throws ELdapException {
+ X500Name subject,
+ CertificateExtensions extensions)
+ throws ELdapException {
if (TYPE_CONSTANT.equals(mType)) {
return mValue;
}
@@ -393,7 +393,7 @@ class AVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null) {
+ if (mTestDN != null) {
dn = mTestDN;
}
@@ -410,8 +410,8 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue) &&
+ ++nFound == mElement) {
value = exploded[1];
break;
}
@@ -431,10 +431,10 @@ class AVAPattern {
for (int i = 0; i < extensions.size(); i++) {
Extension ext = (Extension)
- extensions.elementAt(i);
+ extensions.elementAt(i);
String extName =
- OIDMap.getName(ext.getExtensionId());
+ OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
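Review bot: `extName` is dereferenced by `extName.lastIndexOf(".")` straight after `OIDMap.getName(ext.getExtensionId())`, with no check that a name was found. If `OIDMap.getName` returns null for an extension OID it has no mapping for (worth confirming), a certificate carrying an unrecognised extension would abort `formAVA` with a NullPointerException instead of skipping that extension. A guard such as `if (extName == null) continue;` before the `lastIndexOf` call would cover it. The enclosing loop and `formAVA` extend beyond this hunk.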
@@ -450,9 +450,9 @@ class AVAPattern {
SubjectAlternativeNameExtension.class.getSimpleName())) {
try {
GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension)
+ ((SubjectAlternativeNameExtension)
ext).get(
- SubjectAlternativeNameExtension.SUBJECT_NAME);
+ SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0) {
break;
@@ -461,11 +461,10 @@ class AVAPattern {
int j = 0;
for (Enumeration<GeneralNameInterface> n =
- subjectNames.elements();
- n.hasMoreElements();) {
+ subjectNames.elements(); n.hasMoreElements();) {
GeneralName gn = (GeneralName)
- n.nextElement();
+ n.nextElement();
String gname = gn.toString();
@@ -476,7 +475,7 @@ class AVAPattern {
}
String gType =
- gname.substring(0, index);
+ gname.substring(0, index);
if (mGNType != null) {
if (mGNType.equalsIgnoreCase(gType)) {
@@ -497,12 +496,12 @@ class AVAPattern {
j++;
}
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug(
- "AVAPattern: Publishing attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ "AVAPattern: Publishing attr not formed " +
+ "from extension " +
+ "-- no attr : " +
+ mValue);
}
}
}
@@ -510,10 +509,10 @@ class AVAPattern {
}
CMS.debug(
- "AVAPattern: Publishing:attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ "AVAPattern: Publishing:attr not formed " +
+ "from extension " +
+ "-- no attr : " +
+ mValue);
return null;
}
@@ -522,8 +521,7 @@ class AVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(
+ throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
}
@@ -550,10 +548,10 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
+ * Explode RDN into AVAs.
+ * Does not handle escaped '+'
* Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * If RDN is malformed returns empty array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
@@ -578,7 +576,7 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
+ * Explode AVA into name and value.
* Does not handle escaped '='
* If AVA is malformed empty array is returned.
*/
@@ -593,4 +591,3 @@ class AVAPattern {
ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
index 3cf1bca8..36814344 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -48,20 +47,19 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* Maps a request to an entry in the LDAP server.
* Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
+ * and certificate subject name.Do a base search for the entry
* in the directory to publish the cert or crl.
* The restriction of this mapper is that the ldap dn components must
* be part of certificate subject name or request attributes or constant.
- *
+ *
* @version $Revision$, $Date$
*/
public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
- protected static final String PROP_CREATECA = "createCAEntry";
+ protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_CREATECA = "createCAEntry";
protected String mDnPattern = null;
protected boolean mCreateCAEntry = true;
@@ -79,13 +77,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN =
+ "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapCaSimpleMap(String dnPattern) {
try {
@@ -93,7 +91,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
@@ -105,11 +103,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
"dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
+ " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
+ " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+ "$req means: take the attribute from the request. " +
+ "$subj means: take the attribute from the certificate subject name. " +
+ "$ext means: take the attribute from the certificate extension",
"createCAEntry;boolean;If checked, CA entry will be created automatically",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
@@ -122,11 +120,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -138,12 +136,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* common initialization routine.
*/
protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
@@ -151,7 +149,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
+ throw new EBaseException("falied to init with pattern " +
dnPattern + " " + e);
}
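Review bot: `String[] mCertAttrs = mPattern.getCertAttrs();` declares a local that shadows the `protected String[] mCertAttrs` field, so the field keeps its initial null and the value is discarded when the try block ends. Dropping the type, `mCertAttrs = mPattern.getCertAttrs();`, assigns the field as presumably intended. The message on the re-indented throw line also reads "falied"; `"failed to init with pattern "` is the fix, and the same typo appears in "falied to form dn for request: " in the -332,9 hunk. The start of the try block is outside this hunk.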
@@ -162,12 +160,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* Maps a X500 subject name to LDAP entry.
* Uses DN pattern to form a DN for a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, null, obj);
}
@@ -175,13 +173,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* Maps a X500 subject name to LDAP entry.
* Uses DN pattern to form a DN for a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
@@ -204,26 +202,26 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results =
+ conn.search(dn, scope, filter, attrs, false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
+ ((req == null) ? "" : req.getRequestId().toString())));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+ ((req == null) ? "" : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
+ ((req == null) ? "" : req.getRequestId().toString())));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
"null entry"));
}
@@ -232,7 +230,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
try {
@@ -246,8 +244,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
}
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
}
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
@@ -260,19 +257,19 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
}
private void createCAEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = new String[] {"top",
- "person",
- "organizationalPerson",
- "inetOrgPerson"};
-
- String oOc[] = {"top",
- "organization"};
- String oiOc[] = {"top",
- "organizationalunit"};
-
+ String caOc[] = new String[] { "top",
+ "person",
+ "organizationalPerson",
+ "inetOrgPerson" };
+
+ String oOc[] = { "top",
+ "organization" };
+ String oiOc[] = { "top",
+ "organizationalunit" };
+
DN dnobj = new DN(dn);
String attrval[] = dnobj.explodeDN(true);
@@ -286,6 +283,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
@@ -296,13 +294,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ ((X509CertImpl) cert).get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
certExt = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
@@ -316,12 +314,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
+ subjectDN.toString());
+ } catch (ClassCastException ex) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
((req == null) ? "" : req.getRequestId().toString())));
return null;
@@ -332,9 +330,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
throw new EBaseException("falied to form dn for request: " +
((req == null) ? "" : req.getRequestId().toString()) + " " + e);
}
@@ -362,9 +360,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
+ } else {
v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ mConfig.getString(PROP_DNPATTERN));
}
v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
} catch (Exception e) {
@@ -374,8 +372,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCaSimpleMapper: " + msg);
+ "LdapCaSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
index 17c562ce..2373e3c6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -34,9 +33,8 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
+/**
+ * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
* subject name to form the ldap search dn and filter.
* Takes a optional root search dn.
* The DN comps are used to form a LDAP entry to begin a subtree search.
@@ -45,11 +43,11 @@ import com.netscape.certsrv.request.IRequest;
* If the baseDN is null and none of the DN comps matched, it is an error.
* If none of the DN comps and filter comps matched, it is an error.
* If just the filter comps is null, a base search is performed.
- *
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCertCompsMap
+ extends LdapDNCompsMap implements ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCertCompsMap() {
@@ -57,9 +55,9 @@ public class LdapCertCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
+ *
* The DN comps are used to form a LDAP entry to begin a subtree search.
* The filter comps are used to form a search filter for the subtree.
* If none of the DN comps matched, baseDN is used for the subtree.
@@ -67,12 +65,12 @@ public class LdapCertCompsMap
* If none of the DN comps and filter comps matched, it is an error.
* If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
@@ -99,20 +97,20 @@ public class LdapCertCompsMap
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCertCompsMap(String certAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCertCompsMap(String certAttr, String baseDN,
+ ObjectIdentifier[] dnComps,
+ ObjectIdentifier[] filterComps) {
super(certAttr, baseDN, dnComps, filterComps);
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
super.init(baseDN, dnComps, filterComps);
}
/**
* Maps a certificate to LDAP entry.
- * Uses DN components and filter components to form a DN and
+ * Uses DN components and filter components to form a DN and
* filter for a LDAP search.
* If the formed DN is null the baseDN will be used.
* If the formed DN is null and baseDN is null an error is thrown.
@@ -123,16 +121,16 @@ public class LdapCertCompsMap
* @param obj - the X509Certificate.
*/
public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException {
if (conn == null)
return null;
try {
X509Certificate cert = (X509Certificate) obj;
String result = null;
// form dn and filter for search.
- X500Name subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ X500Name subjectDN =
+ (X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
@@ -148,8 +146,8 @@ public class LdapCertCompsMap
try {
X509CRLImpl crl = (X509CRLImpl) obj;
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN =
+ (X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
@@ -168,14 +166,13 @@ public class LdapCertCompsMap
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertCompsMap: " + msg);
+ "LdapCertCompsMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
index 7eded9cd..a1f79a48 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* Maps a X509 certificate to a LDAP entry by using the subject name
* of the certificate as the LDAP entry DN.
- *
+ *
* @version $Revision$, $Date$
*/
public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,7 +62,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited == true)
return;
mConfig = config;
@@ -74,9 +72,9 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certexactmapper",
+ ";configuration-ldappublish-mapper-certexactmapper",
IExtendedPluginInfo.HELP_TEXT +
- ";Literally uses the subject name of the certificate as the DN to publish to"
+ ";Literally uses the subject name of the certificate as the DN to publish to"
};
return params;
@@ -95,7 +93,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
return v;
}
-
+
public Vector<String> getInstanceParams() {
Vector<String> v = new Vector<String>();
@@ -103,15 +101,15 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
}
/**
- * Finds the entry for the certificate by looking for the cert
+ * Finds the entry for the certificate by looking for the cert
* subject name in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
+ */
public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException {
if (conn == null)
return null;
@@ -120,7 +118,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
@@ -128,12 +126,12 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCertExactMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
+ subjectDN.toString());
+ } catch (ClassCastException ex) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
@@ -141,19 +139,19 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
- LDAPSearchResults results =
- conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
- "(objectclass=*)", attrs, false);
-
+ LDAPSearchResults results =
+ conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", attrs, false);
+
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -165,7 +163,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
@@ -190,14 +188,13 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertExactMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertExactMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index 42db2b27..e12606b2 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* Maps a X509 certificate to a LDAP entry by finding an LDAP entry
* which has an attribute whose contents are equal to the cert subject name.
- *
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,8 +62,9 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
/**
* constructs a certificate subject name mapper with search base.
- * @param searchBase the dn to start searching for the certificate
- * subject name.
+ *
+ * @param searchBase the dn to start searching for the certificate
+ * subject name.
*/
public LdapCertSubjMap(String searchBase) {
if (searchBase == null)
@@ -82,10 +81,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
* @param certSubjNameAttr attribute for certificate subject names.
* @param certAttr attribute to find certificate.
*/
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase,
+ String certSubjNameAttr, String certAttr) {
+ if (searchBase == null ||
+ certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
"a null argument to constructor " + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
@@ -93,10 +92,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
mInited = true;
}
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr, boolean useAllEntries) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase,
+ String certSubjNameAttr, String certAttr, boolean useAllEntries) {
+ if (searchBase == null ||
+ certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
"a null argument to constructor " + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
@@ -128,15 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
"searchBase;string;Base DN to search from",
"useAllEntries;boolean;Use all entries for publishing",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certsubjmapper",
+ ";configuration-ldappublish-mapper-certsubjmapper",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin assumes you want to publish to an LDAP entry which has " +
- "an attribute whose contents are equal to the cert subject name"
+ ";This plugin assumes you want to publish to an LDAP entry which has " +
+ "an attribute whose contents are equal to the cert subject name"
};
return params;
}
-
+
public Vector<String> getInstanceParams() {
Vector<String> v = new Vector<String>();
@@ -159,7 +158,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited == true)
return;
mConfig = config;
@@ -171,15 +170,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
/**
- * Finds the entry for the certificate by looking for the cert
+ * Finds the entry for the certificate by looking for the cert
* subject name in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
+ */
public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException {
if (conn == null)
return null;
X500Name subjectDN = null;
@@ -187,7 +186,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
@@ -195,12 +194,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCertSubjMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
+ subjectDN.toString());
+ } catch (ClassCastException ex) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
@@ -208,20 +207,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+ LDAPSearchResults results =
+ conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+ "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -233,11 +232,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -259,12 +258,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
public Vector<String> mapAll(LDAPConnection conn, Object obj)
- throws ELdapException {
+ throws ELdapException {
Vector<String> v = new Vector<String>();
if (conn == null)
@@ -282,20 +281,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+ LDAPSearchResults results =
+ conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+ "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
v.addElement(dn);
- CMS.debug("LdapCertSubjMap: dn="+dn);
+ CMS.debug("LdapCertSubjMap: dn=" + dn);
}
CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
} catch (LDAPException e) {
@@ -303,11 +302,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -316,13 +315,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public Vector<String> mapAll(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return mapAll(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertSubjMap: " + msg);
}
/**
@@ -344,4 +343,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
index 40283e98..4451706a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.util.Vector;
@@ -32,16 +31,15 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Default crl mapper.
+/**
+ * Default crl mapper.
* maps the crl to a ldap entry by using components in the issuer name
* to find the CA's entry.
- *
+ *
* @version $Revision$, $Date$
*/
-public class LdapCrlIssuerCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCrlIssuerCompsMap
+ extends LdapDNCompsMap implements ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCrlIssuerCompsMap() {
@@ -49,9 +47,9 @@ public class LdapCrlIssuerCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
+ *
* The DN comps are used to form a LDAP entry to begin a subtree search.
* The filter comps are used to form a search filter for the subtree.
* If none of the DN comps matched, baseDN is used for the subtree.
@@ -59,21 +57,21 @@ public class LdapCrlIssuerCompsMap
* If none of the DN comps and filter comps matched, it is an error.
* If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
+ ObjectIdentifier[] dnComps,
+ ObjectIdentifier[] filterComps) {
super(crlAttr, baseDN, dnComps, filterComps);
}
@@ -99,14 +97,14 @@ public class LdapCrlIssuerCompsMap
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
//mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
super.init(baseDN, dnComps, filterComps);
}
/**
* Maps a crl to LDAP entry.
- * Uses issuer DN components and filter components to form a DN and
+ * Uses issuer DN components and filter components to form a DN and
* filter for a LDAP search.
* If the formed DN is null the baseDN will be used.
* If the formed DN is null and baseDN is null an error is thrown.
@@ -116,18 +114,18 @@ public class LdapCrlIssuerCompsMap
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
* @return the result. LdapCertMapResult is also used for CRL.
- */
+ */
public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException {
if (conn == null)
return null;
X509CRLImpl crl = (X509CRLImpl) obj;
try {
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN =
+ (X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
@@ -136,14 +134,14 @@ public class LdapCrlIssuerCompsMap
result = super.map(conn, issuerDN, crlbytes);
return result;
} catch (CRLException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
}
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
@@ -152,8 +150,7 @@ public class LdapCrlIssuerCompsMap
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlCompsMap: " + msg);
+ "LdapCrlCompsMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
index a9df7dae..e2457b88 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,8 +45,7 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPlugin;
-
-/**
+/**
* Maps a Subject name to an entry in the LDAP server.
* subject name to form the ldap search dn and filter.
* Takes a optional root search dn.
@@ -57,11 +55,11 @@ import com.netscape.certsrv.publish.ILdapPlugin;
* If the baseDN is null and none of the DN comps matched, it is an error.
* If none of the DN comps and filter comps matched, it is an error.
* If just the filter comps is null, a base search is performed.
- *
+ *
* @version $Revision$, $Date$
*/
-public class LdapDNCompsMap
- implements ILdapPlugin, IExtendedPluginInfo {
+public class LdapDNCompsMap
+ implements ILdapPlugin, IExtendedPluginInfo {
//protected String mLdapAttr = null;
protected String mBaseDN = null;
protected ObjectIdentifier[] mDnComps = null;
@@ -71,9 +69,9 @@ public class LdapDNCompsMap
private boolean mInited = false;
protected IConfigStore mConfig = null;
- /**
+ /**
* Constructor.
- *
+ *
* The DN comps are used to form a LDAP entry to begin a subtree search.
* The filter comps are used to form a search filter for the subtree.
* If none of the DN comps matched, baseDN is used for the subtree.
@@ -81,13 +79,13 @@ public class LdapDNCompsMap
* If none of the DN comps and filter comps matched, it is an error.
* If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
- public LdapDNCompsMap(String ldapAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapDNCompsMap(String ldapAttr, String baseDN,
+ ObjectIdentifier[] dnComps,
+ ObjectIdentifier[] filterComps) {
//mLdapAttr = ldapAttr;
init(baseDN, dnComps, filterComps);
}
@@ -102,17 +100,17 @@ public class LdapDNCompsMap
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
mConfig = config;
String baseDN = mConfig.getString("baseDN");
- ObjectIdentifier[] dnComps =
- getCompsFromString(mConfig.getString("dnComps"));
- ObjectIdentifier[] filterComps =
- getCompsFromString(mConfig.getString("filterComps"));
+ ObjectIdentifier[] dnComps =
+ getCompsFromString(mConfig.getString("dnComps"));
+ ObjectIdentifier[] filterComps =
+ getCompsFromString(mConfig.getString("filterComps"));
init(baseDN, dnComps, filterComps);
}
@@ -131,12 +129,12 @@ public class LdapDNCompsMap
"dnComps;string;Comma-separated list of attributes to put in the DN",
"filterComps;string;Comma-separated list of attributes to form the filter",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-dncompsmapper",
+ ";configuration-ldappublish-mapper-dncompsmapper",
IExtendedPluginInfo.HELP_TEXT +
- ";More complex mapper. Used when there is not enough information " +
- "in the cert request to form the complete LDAP DN. Using this " +
- "plugin, you can specify additional LDAP filters to narrow down the " +
- "search"
+ ";More complex mapper. Used when there is not enough information " +
+ "in the cert request to form the complete LDAP DN. Using this " +
+ "plugin, you can specify additional LDAP filters to narrow down the " +
+ "search"
};
return s;
@@ -163,14 +161,14 @@ public class LdapDNCompsMap
if (mDnComps == null) {
v.addElement("dnComps=");
} else {
- v.addElement("dnComps=" +
- mConfig.getString("dnComps"));
+ v.addElement("dnComps=" +
+ mConfig.getString("dnComps"));
}
if (mFilterComps == null) {
v.addElement("filterComps=");
} else {
- v.addElement("filterComps=" +
- mConfig.getString("filterComps"));
+ v.addElement("filterComps=" +
+ mConfig.getString("filterComps"));
}
} catch (Exception e) {
}
@@ -181,8 +179,8 @@ public class LdapDNCompsMap
* common initialization routine.
*/
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- if (mInited)
+ ObjectIdentifier[] filterComps) {
+ if (mInited)
return;
mBaseDN = baseDN;
@@ -191,36 +189,36 @@ public class LdapDNCompsMap
if (filterComps != null)
mFilterComps = (ObjectIdentifier[]) filterComps.clone();
- // log debug info.
+ // log debug info.
for (int i = 0; i < mDnComps.length; i++) {
CMS.debug(
- "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
+ "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
}
for (int i = 0; i < mFilterComps.length; i++) {
CMS.debug("LdapDNCompsMap: filterComp " +
- X500NameAttrMap.getDefault().getName(mFilterComps[i]));
+ X500NameAttrMap.getDefault().getName(mFilterComps[i]));
}
mInited = true;
}
/**
* Maps a X500 subject name to LDAP entry.
- * Uses DN components and filter components to form a DN and
+ * Uses DN components and filter components to form a DN and
* filter for a LDAP search.
* If the formed DN is null the baseDN will be used.
* If the formed DN is null and baseDN is null an error is thrown.
* If the filter is null a base search is performed.
* If both are null an error is thrown.
*
- * @param conn the LDAP connection.
- * @param x500name the dn to map.
- * @param obj the object
+ * @param conn the LDAP connection.
+ * @param x500name the dn to map.
+ * @param obj the object
* @exception ELdapException if any LDAP exceptions occured.
* @return the DN of the entry.
- */
- public String map(LDAPConnection conn, X500Name x500name,
- byte[] obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, X500Name x500name,
+ byte[] obj)
+ throws ELdapException {
try {
if (conn == null)
return null;
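Review bot: The second debug loop reads `mFilterComps.length` unconditionally, although the assignment just above it is guarded by `if (filterComps != null)` and the class javadoc allows the filter comps to be null, so a caller that passes null would get a NullPointerException from logging code (assuming the field starts out null, which this hunk does not show). Wrapping the loop in `if (mFilterComps != null) { ... }` keeps the documented base-search case working; the `mDnComps` loop deserves the same check, since its assignment is above the hunk. Separately, the javadoc added here still says "occured" and does not say what `obj` holds. init begins before the hunk and map continues past it.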
@@ -240,11 +238,11 @@ public class LdapDNCompsMap
// x500name.toString());
// }
if (mBaseDN == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_BASE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NO_BASE"));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
- x500name.toString()));
+ CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
+ x500name.toString()));
}
dn = mBaseDN;
}
@@ -261,23 +259,23 @@ public class LdapDNCompsMap
attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
- ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
+ ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results =
+ conn.search(dn, scope, filter, attrs, false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- x500name.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+ x500name.toString()));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
"null entry"));
}
@@ -286,11 +284,11 @@ public class LdapDNCompsMap
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -298,15 +296,16 @@ public class LdapDNCompsMap
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapDNCompsMap: " + msg);
+ "LdapDNCompsMap: " + msg);
}
/**
* form a dn and filter from component in the cert subject name
+ *
* @param subjName subject name
*/
public String[] formDNandFilter(X500Name subjName)
- throws ELdapException {
+ throws ELdapException {
Vector<RDN> dnRdns = new Vector<RDN>();
SearchFilter filter = new SearchFilter();
X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
@@ -328,16 +327,16 @@ public class LdapDNCompsMap
DerValue val = ava.getValue();
AVA newAVA = new AVA(mailOid, val);
RDN newRDN = new RDN(new AVA[] { newAVA }
- );
+ );
- CMS.debug(
- "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
- newRDN.toLdapDNString() + " in DN");
+ CMS.debug(
+ "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
+ newRDN.toLdapDNString() + " in DN");
rdn = newRDN;
}
dnRdns.addElement(rdn);
CMS.debug(
- "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
+ "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
break;
}
}
@@ -348,13 +347,13 @@ public class LdapDNCompsMap
AVA newAVA = new AVA(mailOid, val);
CMS.debug(
- "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
- newAVA.toLdapDNString() + " in filter");
+ "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
+ newAVA.toLdapDNString() + " in filter");
ava = newAVA;
}
filter.addElement(ava.toLdapDNString());
CMS.debug(
- "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
+ "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
break;
}
}
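Review bot: `filter.addElement(ava.toLdapDNString())` feeds the DN-string form of a subject AVA into the search filter, and DN escaping is not filter escaping: under the DN string rules characters such as `*`, `(` and `)` pass through unescaped, so a `*` in a subject value would act as a wildcard in the search. Whether `SearchFilter.toFilterString()` escapes its elements is not visible here; if it does not, the value should be filter-escaped per RFC 4515 (`\2a`, `\28`, `\29`, `\5c`, `\00`) before it is added, or the component built from the attribute name plus an escaped value instead of the DN rendering. A short comment such as `// value comes from the certificate subject: escape for filter use` would also help the next reader. formDNandFilter starts and ends outside the hunk.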
@@ -363,14 +362,14 @@ public class LdapDNCompsMap
// return to caller to decide.
if (dnRdns.size() != 0) {
dnStr = new X500Name(dnRdns).toLdapDNString();
- }
+ }
if (filter.size() != 0) {
filterStr = filter.toFilterString();
}
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
}
@@ -386,12 +385,13 @@ public class LdapDNCompsMap
}
/**
- * class for forming search filters for ldap searching from
+ * class for forming search filters for ldap searching from
* name=value components. components are anded.
*/
public static class SearchFilter extends Vector<Object> {
private static final long serialVersionUID = 4210302171279891828L;
+
public String toFilterString() {
StringBuffer buf = new StringBuffer();
@@ -412,21 +412,22 @@ public class LdapDNCompsMap
}
/**
- * useful routine for parsing components given as string to
- * arrays of objectidentifiers.
- * The string is expected to be comma separated AVA attribute names.
+ * useful routine for parsing components given as string to
+ * arrays of objectidentifiers.
+ * The string is expected to be comma separated AVA attribute names.
* For example, "uid,cn,o,ou". Attribute names are case insensitive.
+ *
* @param val the string specifying the comps
* @exception ELdapException if any error occurs.
*/
public static ObjectIdentifier[] getCompsFromString(String val)
- throws ELdapException {
+ throws ELdapException {
StringTokenizer tokens;
ObjectIdentifier[] comps;
String attr;
ObjectIdentifier oid;
- if (val == null || val.length() == 0)
+ if (val == null || val.length() == 0)
return new ObjectIdentifier[0];
tokens = new StringTokenizer(val, ", \t\n\r");
@@ -439,7 +440,7 @@ public class LdapDNCompsMap
while (tokens.hasMoreTokens()) {
attr = tokens.nextToken().trim();
// mail -> E hack to look for E in subject names.
- if (attr.equalsIgnoreCase("mail"))
+ if (attr.equalsIgnoreCase("mail"))
attr = "E";
oid = X500NameAttrMap.getDefault().getOid(attr);
if (oid != null) {
@@ -453,4 +454,3 @@ public class LdapDNCompsMap
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
index e3c2fa1b..c82d978e 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -56,35 +55,32 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
-/**
+/**
* Maps a request to an entry in the LDAP server.
* Takes a dnPattern to form the baseDN from the
* request attributes and certificate subject name.
* Does a base search for the entry in the directory
- * to publish the cert or crl. The restriction of
+ * to publish the cert or crl. The restriction of
* this mapper is that the ldap dn components must
* be part of certificate subject name or request
- * attributes or constant. The difference of this
- * mapper and LdapSimpleMap is that if the ldap
+ * attributes or constant. The difference of this
+ * mapper and LdapSimpleMap is that if the ldap
* entry is not found, it has the option to create
* the ldap entry given the dn and attributes
* formulated.
- *
+ *
* @version $Revision$, $Date$
*/
public class LdapEnhancedMap
- implements ILdapMapper, IExtendedPluginInfo {
+ implements ILdapMapper, IExtendedPluginInfo {
////////////////////////
// default parameters //
////////////////////////
-
-
//////////////////////////////////////
// local LdapEnhancedMap parameters //
//////////////////////////////////////
@@ -107,7 +103,7 @@ public class LdapEnhancedMap
////////////////////////////
/* mapper plug-in fields */
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected static final String PROP_CREATE = "createEntry";
// the object class of the entry to be created. xxxx not done yet
protected static final String PROP_OBJCLASS = "objectClass";
@@ -145,9 +141,9 @@ public class LdapEnhancedMap
/* miscellaneous constants local to this mapper plug-in */
// default dn pattern if left blank or not set in the config
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, " +
- "OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN =
+ "UID=$req.HTTP_PARAMS.UID, " +
+ "OU=people, O=$subj.o, C=$subj.c";
private static final int MAX_ATTRS = 10;
protected static final int DEFAULT_ATTRNUM = 1;
@@ -159,8 +155,6 @@ public class LdapEnhancedMap
// IExtendedPluginInfo parameters //
////////////////////////////////////
-
-
///////////////////////
// Logger parameters //
///////////////////////
@@ -185,14 +179,14 @@ public class LdapEnhancedMap
* common initialization routine.
*/
protected void init(String dnPattern)
- throws EBaseException {
+ throws EBaseException {
if (mInited) {
return;
}
mDnPattern = dnPattern;
if (mDnPattern == null ||
- mDnPattern.length() == 0) {
+ mDnPattern.length() == 0) {
mDnPattern = DEFAULT_DNPATTERN;
}
@@ -202,11 +196,11 @@ public class LdapEnhancedMap
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
- dnPattern, e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
+ dnPattern, e.toString()));
throw new EBaseException(
- "falied to init with pattern " +
- dnPattern + " " + e);
+ "falied to init with pattern " +
+ dnPattern + " " + e);
}
mInited = true;
@@ -214,43 +208,44 @@ public class LdapEnhancedMap
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
private String formDN(IRequest req, Object obj)
- throws EBaseException {
+ throws EBaseException {
CertificateExtensions certExt = null;
X500Name subjectDN = null;
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug(
- "LdapEnhancedMap: cert subject dn:" +
- subjectDN.toString());
+ "LdapEnhancedMap: cert subject dn:" +
+ subjectDN.toString());
//certExt = (CertificateExtensions)
// ((X509CertImpl)cert).get(
// X509CertInfo.EXTENSIONS);
X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME +
- "." +
- X509CertImpl.INFO);
+ ((X509CertImpl) cert).get(
+ X509CertImpl.NAME +
+ "." +
+ X509CertImpl.INFO);
certExt = (CertificateExtensions)
info.get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
@@ -260,14 +255,14 @@ public class LdapEnhancedMap
((X509CRLImpl) crl).getIssuerDN();
CMS.debug(
- "LdapEnhancedMap: crl issuer dn: " +
+ "LdapEnhancedMap: crl issuer dn: " +
- subjectDN.toString());
+ subjectDN.toString());
} catch (ClassCastException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ ((req == null) ? ""
+ : req.getRequestId().toString())));
return null;
}
}
@@ -289,26 +284,26 @@ public class LdapEnhancedMap
return dn;
} catch (ELdapException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? ""
- : req.getRequestId().toString()), e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? ""
+ : req.getRequestId().toString()), e.toString()));
throw new EBaseException(
"failed to form dn for request: " +
- ((req == null) ? ""
- : req.getRequestId().toString()) +
- " " + e);
+ ((req == null) ? ""
+ : req.getRequestId().toString()) +
+ " " + e);
}
}
private void createEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = { "top",
- "person",
- "organizationalPerson",
+ String caOc[] = { "top",
+ "person",
+ "organizationalPerson",
"inetOrgPerson" };
DN dnobj = new DN(dn);
@@ -319,10 +314,10 @@ public class LdapEnhancedMap
attrs.add(new LDAPAttribute("objectclass", caOc));
for (int i = 0; i < mNumAttrs; i++) {
- if (mLdapNames[i] != null &&
- !mLdapNames[i].trim().equals("") &&
- mLdapValues[i] != null &&
- !mLdapValues[i].trim().equals("")) {
+ if (mLdapNames[i] != null &&
+ !mLdapNames[i].trim().equals("") &&
+ mLdapValues[i] != null &&
+ !mLdapValues[i].trim().equals("")) {
attrs.add(new LDAPAttribute(mLdapNames[i],
mLdapValues[i]));
}
@@ -337,14 +332,14 @@ public class LdapEnhancedMap
// ILdapMapper methods //
/////////////////////////
- /**
+ /**
* for initializing from config store.
- *
+ *
* implementation for extended
* ILdapPlugin interface method
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
mConfig = config;
mDnPattern = mConfig.getString(PROP_DNPATTERN,
@@ -364,16 +359,16 @@ public class LdapEnhancedMap
for (int i = 0; i < mNumAttrs; i++) {
mLdapNames[i] =
mConfig.getString(PROP_ATTR_NAME +
- Integer.toString(i),
- "");
+ Integer.toString(i),
+ "");
mLdapPatterns[i] =
mConfig.getString(PROP_ATTR_PATTERN +
- Integer.toString(i),
- "");
+ Integer.toString(i),
+ "");
if (mLdapPatterns[i] != null &&
- !mLdapPatterns[i].trim().equals("")) {
+ !mLdapPatterns[i].trim().equals("")) {
mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
}
}
@@ -381,7 +376,7 @@ public class LdapEnhancedMap
init(mDnPattern);
}
- /**
+ /**
* implementation for extended
* ILdapPlugin interface method
*/
@@ -407,34 +402,34 @@ public class LdapEnhancedMap
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
+ } else {
v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ mConfig.getString(PROP_DNPATTERN));
}
v.addElement(PROP_CREATE + "=" +
- mConfig.getBoolean(PROP_CREATE,
- true));
+ mConfig.getBoolean(PROP_CREATE,
+ true));
v.addElement(PROP_ATTRNUM + "=" +
- mConfig.getInteger(PROP_ATTRNUM,
- DEFAULT_NUM_ATTRS));
+ mConfig.getInteger(PROP_ATTRNUM,
+ DEFAULT_NUM_ATTRS));
for (int i = 0; i < mNumAttrs; i++) {
if (mLdapNames[i] != null) {
v.addElement(PROP_ATTR_NAME + i +
- "=" + mLdapNames[i]);
+ "=" + mLdapNames[i]);
} else {
v.addElement(PROP_ATTR_NAME + i +
- "=");
+ "=");
}
if (mLdapPatterns[i] != null) {
v.addElement(PROP_ATTR_PATTERN + i +
- "=" + mLdapPatterns[i]);
+ "=" + mLdapPatterns[i]);
} else {
v.addElement(PROP_ATTR_PATTERN + i +
- "=");
+ "=");
}
}
} catch (Exception e) {
@@ -447,12 +442,12 @@ public class LdapEnhancedMap
* Maps an X500 subject name to an LDAP entry.
* Uses DN pattern to form a DN for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, null, obj);
}
@@ -460,13 +455,13 @@ public class LdapEnhancedMap
* Maps an X500 subject name to an LDAP entry.
* Uses DN pattern to form a DN for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
return null;
}
@@ -477,7 +472,7 @@ public class LdapEnhancedMap
dn = formDN(req, obj);
if (dn == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
@@ -494,9 +489,9 @@ public class LdapEnhancedMap
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO,
- "searching for dn: " +
- dn + " filter:" +
- filter + " scope: base");
+ "searching for dn: " +
+ dn + " filter:" +
+ filter + " scope: base");
LDAPSearchResults results = conn.search(dn,
scope,
@@ -508,27 +503,27 @@ public class LdapEnhancedMap
if (results.hasMoreElements()) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
+ dn +
+ ((req == null) ? ""
+ : req.getRequestId().toString())));
throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+ ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
+ dn +
+ ((req == null) ? ""
+ : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
"null entry"));
}
} catch (LDAPException e) {
@@ -536,48 +531,48 @@ public class LdapEnhancedMap
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else if (e.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
+ LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
try {
createEntry(conn, dn);
log(ILogger.LL_INFO,
- "Entry " +
- dn +
- " Created");
+ "Entry " +
+ dn +
+ " Created");
return dn;
} catch (LDAPException e1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+ dn,
+ e.toString()));
log(ILogger.LL_FAILURE,
- "Entry is not created. " +
- "This may because there are " +
- "entries in the directory " +
- "hierachy not exit.");
+ "Entry is not created. " +
+ "This may because there are " +
+ "entries in the directory " +
+ "hierachy not exit.");
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+ dn,
+ e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
- e.toString()));
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
+ e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
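Review bot: In the `catch (LDAPException e1)` branch the failure log is given `e.toString()`, which is the outer NO_SUCH_OBJECT exception from the search, so the reason the add actually failed (e1) is never recorded; the argument should be `e1.toString()`. That matters when someone has to work out why an auto-created entry is missing or was refused by the directory. The free-text log message that follows also reads oddly ("This may because ... hierachy not exit") and could be reworded to say that a parent entry in the directory hierarchy may not exist. The enclosing map method starts outside the hunk.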
@@ -591,46 +586,46 @@ public class LdapEnhancedMap
Vector<String> v = new Vector<String>();
v.addElement(PROP_DNPATTERN +
- ";string;Describes how to form the Ldap " +
- "Subject name in the directory. " +
- "Example 1: 'uid=CertMgr, o=Fedora'. " +
- "Example 2: 'uid=$req.HTTP_PARAMS.uid, " +
- "E=$ext.SubjectAlternativeName.RFC822Name, " +
- "ou=$subj.ou'. " +
- "$req means: take the attribute from the " +
- "request. " +
- "$subj means: take the attribute from the " +
- "certificate subject name. " +
- "$ext means: take the attribute from the " +
- "certificate extension");
+ ";string;Describes how to form the Ldap " +
+ "Subject name in the directory. " +
+ "Example 1: 'uid=CertMgr, o=Fedora'. " +
+ "Example 2: 'uid=$req.HTTP_PARAMS.uid, " +
+ "E=$ext.SubjectAlternativeName.RFC822Name, " +
+ "ou=$subj.ou'. " +
+ "$req means: take the attribute from the " +
+ "request. " +
+ "$subj means: take the attribute from the " +
+ "certificate subject name. " +
+ "$ext means: take the attribute from the " +
+ "certificate extension");
v.addElement(PROP_CREATE +
- ";boolean;If checked, An entry will be " +
- "created automatically");
+ ";boolean;If checked, An entry will be " +
+ "created automatically");
v.addElement(PROP_ATTRNUM +
- ";string;How many attributes to add.");
+ ";string;How many attributes to add.");
v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-enhancedmapper");
+ ";configuration-ldappublish-mapper-enhancedmapper");
v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Describes how to form the LDAP DN of the " +
- "entry to publish to");
+ ";Describes how to form the LDAP DN of the " +
+ "entry to publish to");
for (int i = 0; i < MAX_ATTRS; i++) {
v.addElement(PROP_ATTR_NAME +
- Integer.toString(i) +
- ";string;" +
- "The name of LDAP attribute " +
- "to be added. e.g. mail");
+ Integer.toString(i) +
+ ";string;" +
+ "The name of LDAP attribute " +
+ "to be added. e.g. mail");
v.addElement(PROP_ATTR_PATTERN +
- Integer.toString(i) +
- ";string;" +
- "How to create the LDAP attribute value. " +
- "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
- "$subj.E or " +
- "$ext.SubjectAlternativeName.RFC822Name");
+ Integer.toString(i) +
+ ";string;" +
+ "How to create the LDAP attribute value. " +
+ "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
+ "$subj.E or " +
+ "$ext.SubjectAlternativeName.RFC822Name");
}
String params[] =
- com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
return params;
}
@@ -641,7 +636,6 @@ public class LdapEnhancedMap
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapEnhancedMapper: " + msg);
+ "LdapEnhancedMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
index 192b1d30..58bc06b2 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,19 +44,18 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* Maps a request to an entry in the LDAP server.
* Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
+ * and certificate subject name.Do a base search for the entry
* in the directory to publish the cert or crl.
* The restriction of this mapper is that the ldap dn components must
* be part of certificate subject name or request attributes or constant.
- *
+ *
* @version $Revision$, $Date$
*/
public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected String mDnPattern = null;
private ILogger mLogger = CMS.getLogger();
@@ -74,13 +72,13 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN =
+ "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapSimpleMap(String dnPattern) {
try {
@@ -88,7 +86,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
@@ -100,11 +98,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
"dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
+ " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
+ " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+ "$req means: take the attribute from the request. " +
+ "$subj means: take the attribute from the certificate subject name. " +
+ "$ext means: take the attribute from the certificate extension",
IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
};
@@ -116,11 +114,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -131,12 +129,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* common initialization routine.
*/
protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
@@ -145,7 +143,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
+ throw new EBaseException("falied to init with pattern " +
dnPattern + " " + e);
}
@@ -156,12 +154,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* Maps a X500 subject name to LDAP entry.
* Uses DN pattern to form a DN for a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, null, obj);
}
@@ -169,13 +167,13 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
* Maps a X500 subject name to LDAP entry.
* Uses DN pattern to form a DN for a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
@@ -198,22 +196,22 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results =
+ conn.search(dn, scope, filter, attrs, false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+ ((req == null) ? "" : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
"null entry"));
}
@@ -224,7 +222,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
@@ -238,6 +236,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
@@ -249,15 +248,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
//certExt = (CertificateExtensions)
// ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ ((X509CertImpl) cert).get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
certExt = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
@@ -271,15 +270,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
+ subjectDN =
(X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
- ((req == null) ? "" : req.getRequestId().toString())));
+ subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ ((req == null) ? "" : req.getRequestId().toString())));
return null;
}
}
@@ -315,9 +314,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
+ } else {
v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ mConfig.getString(PROP_DNPATTERN));
}
} catch (Exception e) {
}
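Review bot: The empty `catch (Exception e) { }` that closes this hunk hides any failure of `mConfig.getString(PROP_DNPATTERN)`, so the returned parameter list silently lacks `dnPattern`. The branch tests `mDnPattern` but then reads `mConfig`; if the mapper was created through the `LdapSimpleMap(String)` constructor, `mConfig` is presumably unset and the resulting NullPointerException is swallowed as well. At minimum record the failure the way the constructor does: `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));`. The method begins and ends outside the hunk.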
@@ -326,8 +325,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapSimpleMapper: " + msg);
+ "LdapSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 667a7c5a..79d64054 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -42,26 +41,26 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
+ *
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -72,7 +71,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, OU=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -97,10 +96,9 @@ import com.netscape.certsrv.request.IRequest;
* O = the string mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapAVAPattern {
@@ -120,11 +118,11 @@ class MapAVAPattern {
"EDIName",
"URIName",
"IPAddress",
- "OIDName"};
+ "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter =
+ new LdapV3DNStrConverter();
/* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
@@ -136,7 +134,7 @@ class MapAVAPattern {
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
/* value - could be name of a request attribute or
* cert subject dn attribute. */
@@ -154,19 +152,19 @@ class MapAVAPattern {
protected String mTestDN = null;
public MapAVAPattern(String component)
- throws ELdapException {
- if (component == null || component.length() == 0)
+ throws ELdapException {
+ if (component == null || component.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public MapAVAPattern(PushbackReader in)
- throws ELdapException {
+ public MapAVAPattern(PushbackReader in)
+ throws ELdapException {
parse(in);
}
private void parse(PushbackReader in)
- throws ELdapException {
+ throws ELdapException {
int c;
// mark ava beginning.
@@ -182,19 +180,19 @@ class MapAVAPattern {
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
//System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
+ if (in.read() != 'r' ||
+ in.read() != 'd' ||
+ in.read() != 'n' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -216,7 +214,7 @@ class MapAVAPattern {
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
+ if (rdnNumber.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
@@ -231,15 +229,15 @@ class MapAVAPattern {
// read name
//System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
//System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
throw new ELdapException(
@@ -248,11 +246,11 @@ class MapAVAPattern {
if (c != '=')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ //System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ //System.out.println("skip spaces for value");
try {
while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
;
@@ -261,7 +259,7 @@ class MapAVAPattern {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
if (c == '$') {
@@ -273,14 +271,14 @@ class MapAVAPattern {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $subj or $req in ava pattern"));
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.')
+ if (in.read() != 'e' ||
+ in.read() != 'q' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $req in ava pattern"));
} catch (IOException e) {
@@ -291,10 +289,10 @@ class MapAVAPattern {
//System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.')
+ if (in.read() != 'u' ||
+ in.read() != 'b' ||
+ in.read() != 'j' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $subj in ava pattern"));
} catch (IOException e) {
@@ -305,10 +303,10 @@ class MapAVAPattern {
//System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (in.read() != 'x' ||
+ in.read() != 't' ||
+ in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $ext in ava pattern"));
} catch (IOException e) {
throw new ELdapException(
@@ -318,16 +316,16 @@ class MapAVAPattern {
//System.out.println("----- mtype $ext");
} else {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ "unknown keyword. expecting $subj $ext or $req."));
}
// get request attr name of subject dn pattern from above.
String attrName = attrBuf.toString().trim();
//System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
+ if (attrName.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- mAttr = attrName;
+ mAttr = attrName;
/*
try {
@@ -346,8 +344,8 @@ class MapAVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
+ while ((c = in.read()) != ',' &&
+ c != -1 && c != '.' && c != '+') {
//System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
@@ -359,31 +357,31 @@ class MapAVAPattern {
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
+ if (mValue.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"$subj or $req attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ //System.out.println("----- mValue "+mValue);
- // get nth dn xxx not nth request attribute .
+ // get nth dn xxx not nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
+ && c != '+') {
//System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
if (c == ',' || c == '+') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (attrNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"nth element $req $ext or $subj expected"));
try {
mElement = Integer.parseInt(attrNumber) - 1;
@@ -393,11 +391,11 @@ class MapAVAPattern {
mValue = attrNumber;
} else if (TYPE_EXT.equals(mType)) {
mGNType = attrNumber;
- } else
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ } else
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"Invalid format in nth element $req $ext or $subj"));
- // get nth request attribute .
+ // get nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf1 = new StringBuffer();
@@ -407,22 +405,22 @@ class MapAVAPattern {
attrNumberBuf1.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException ex) {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
}
String attrNumber1 = attrNumberBuf1.toString().trim();
- if (attrNumber1.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (attrNumber1.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"nth element $req expected"));
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"Invalid format in nth element $req."));
-
+
}
}
}
@@ -438,8 +436,8 @@ class MapAVAPattern {
valueBuf.append((char) c);
// read forward to get attribute value
try {
- while ((c = in.read()) != ',' &&
- c != -1) {
+ while ((c = in.read()) != ',' &&
+ c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
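Review bot: The test `c == '+'` after the loop can never be true, because the loop only stops on `','` or end of input; a `+` in a constant value is appended to `valueBuf` and handed to `parseAVA` instead of ending the AVA. If a constant AVA is meant to end at `+` as the `$subj`/`$req` branches do, the condition would be `while ((c = in.read()) != ',' && c != '+' && c != -1)`, with care for an escaped `\+`. Otherwise drop the `'+'` test and correct the comment. The surrounding `try` and the rest of `parse` lie outside this hunk.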
@@ -449,8 +447,8 @@ class MapAVAPattern {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
//System.out.println("----- mValue "+mValue);
@@ -461,19 +459,19 @@ class MapAVAPattern {
}
public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
- throws ELdapException {
+ throws ELdapException {
if (TYPE_CONSTANT.equals(mType))
return mValue;
if (TYPE_RDN.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
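Review bot: `mElement` is checked only against the upper bound before `rdns[mElement]`, yet `parse` computes it as `Integer.parseInt(rdnNumber) - 1`, so a configured pattern such as `$rdn.0` yields -1 and an ArrayIndexOutOfBoundsException at publish time. Guard both ends with `if (mElement < 0 || mElement >= rdns.length) return null;`, or reject numbers below 1 in `parse` with the existing `ECompSyntaxErr`. `formAVA` continues outside this hunk.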
@@ -481,9 +479,9 @@ class MapAVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -494,8 +492,8 @@ class MapAVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue) &&
+ ++nFound == mElement) {
value = exploded[1];
break;
}
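Review bot: `exploded[0]` is dereferenced without a null check, but `explodeAVA` returns `null` when the fragment has no `=` (see the last hunk of this file). `explodeRDN` documents that it does not handle an escaped `+`, so a subject value containing one is split into a fragment without `=` and ends in a NullPointerException here. Either test it, `if (exploded != null && exploded[0].equalsIgnoreCase(mValue) && ++nFound == mElement)`, or make `explodeAVA` return an empty array as its Javadoc states and check the length. The loop this belongs to starts outside the hunk.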
@@ -503,10 +501,10 @@ class MapAVAPattern {
}
if (value == null) {
CMS.debug(
- "MapAVAPattern: attr " + mAttr +
- " not formed from: cert subject " +
- dn +
- "-- no subject component : " + mValue);
+ "MapAVAPattern: attr " + mAttr +
+ " not formed from: cert subject " +
+ dn +
+ "-- no subject component : " + mValue);
return null;
}
return mAttr + "=" + value;
@@ -516,21 +514,19 @@ class MapAVAPattern {
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
Extension ext = (Extension)
- extensions.elementAt(i);
+ extensions.elementAt(i);
String extName = OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
if (index != -1)
extName = extName.substring(index + 1);
- if (
- extName.equals(mValue)) {
+ if (extName.equals(mValue)) {
// Check the extensions one by one.
// For now, just give subjectAltName as an example.
- if
- (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
+ if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
try {
GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0)
break;
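Review bot: `extName` is used right after `OIDMap.getName(ext.getExtensionId())` with no null check; if that lookup returns null for an extension OID it has no name for (not visible here, worth confirming), `extName.lastIndexOf(".")` throws for any certificate carrying such an extension. A guard at the top of the loop body would do: `if (extName == null) continue;`. The `(SubjectAlternativeNameExtension) ext` cast relies on the name match alone, so `ext instanceof SubjectAlternativeNameExtension` would be the safer test. The `try` opened in this hunk closes outside it.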
@@ -541,7 +537,8 @@ class MapAVAPattern {
String gname = gn.toString();
index = gname.indexOf(":");
- if (index == -1) break;
+ if (index == -1)
+ break;
String gType = gname.substring(0, index);
if (mGNType != null) {
@@ -563,18 +560,18 @@ class MapAVAPattern {
j++;
}
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug(
- "MapAVAPattern: Publishing attr not formed from extension." +
- "-- no attr : " + mValue);
+ "MapAVAPattern: Publishing attr not formed from extension." +
+ "-- no attr : " + mValue);
}
}
}
}
}
CMS.debug(
- "MapAVAPattern: Publishing:attr not formed from extension " +
- "-- no attr : " + mValue);
+ "MapAVAPattern: Publishing:attr not formed from extension " +
+ "-- no attr : " + mValue);
return null;
}
@@ -583,8 +580,7 @@ class MapAVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
mValue, mAttr));
}
return mAttr + "=" + reqAttr;
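Review bot: `reqAttr` comes from the request via `req.getExtDataInString(mPrefix, mValue)` and is concatenated into the RDN unescaped, so a value containing DN metacharacters such as `,`, `+` or `=` changes the structure of the DN the object is published to. The class comment already warns that a wrong DN may be mapped, and this is one way it happens. Escape the value before returning it, for example `return LDAPDN.escapeRDN(mAttr + "=" + reqAttr);` if the bundled LDAP SDK provides that helper, and consider rejecting an empty value. The enclosing `if` for the `$req` type starts outside the hunk.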
@@ -608,20 +604,20 @@ class MapAVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
+ * Explode RDN into AVAs.
+ * Does not handle escaped '+'
* Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * If RDN is malformed returns empty array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector<String> avas = new Vector<String>();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -630,17 +626,16 @@ class MapAVAPattern {
}
/**
- * Explode AVA into name and value.
+ * Explode AVA into name and value.
* Does not handle escaped '='
* If AVA is malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index 5de5e3dd..463c9e4d 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -31,25 +30,25 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -60,7 +59,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -73,10 +72,9 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
public class MapDNPattern {
@@ -95,16 +93,17 @@ public class MapDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattern the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
public MapDNPattern(String pattern)
- throws ELdapException {
+ throws ELdapException {
if (pattern == null || pattern.equals("")) {
CMS.debug(
- "MapDNPattern: null pattern");
+ "MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,13 +112,13 @@ public class MapDNPattern {
}
}
- public MapDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapDNPattern(PushbackReader in)
+ throws ELdapException {
parse(in);
}
private void parse(PushbackReader in)
- throws ELdapException {
+ throws ELdapException {
Vector<MapRDNPattern> rdnPatterns = new Vector<MapRDNPattern>();
MapRDNPattern rdnPattern = null;
int lastChar = -1;
@@ -133,8 +132,7 @@ public class MapDNPattern {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == ',');
+ } while (lastChar == ',');
mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
rdnPatterns.copyInto(mRDNPatterns);
@@ -144,8 +142,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
reqAttrs.addElement(rdnAttrs[j]);
}
mReqAttrs = new String[reqAttrs.size()];
@@ -156,8 +154,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
certAttrs.addElement(rdnAttrs[j]);
}
mCertAttrs = new String[certAttrs.size()];
@@ -166,12 +164,13 @@ public class MapDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ throws ELdapException {
StringBuffer formedDN = new StringBuffer();
for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -180,11 +179,11 @@ public class MapDNPattern {
String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
if (rdn != null && rdn.length() != 0) {
- if (formedDN.length() != 0)
- formedDN.append(",");
- formedDN.append(rdn);
+ if (formedDN.length() != 0)
+ formedDN.append(",");
+ formedDN.append(rdn);
} else {
- throw new ELdapException("pattern not matched");
+ throw new ELdapException("pattern not matched");
}
}
return formedDN.toString();
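Review bot: `formDN` joins the strings returned by `formRDN` with a bare `,`, and nothing visible in this hunk escapes DN special characters, while the class Javadoc allows values to come from `$req.` request attributes. If `MapAVAPattern.formAVA` (not shown here) does not escape those values, a request value containing `,` or `+` would change which entry the mapper resolves to. Once confirmed, a short comment on `formDN` stating where escaping is done, e.g. `// attribute values are DN-escaped in MapAVAPattern.formAVA`, would make the trust boundary explicit. The loop header lies outside this hunk.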
@@ -198,4 +197,3 @@ public class MapDNPattern {
return (String[]) mCertAttrs.clone();
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index 65091000..fafa660a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -30,25 +29,25 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -59,7 +58,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -72,10 +71,9 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped.There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute is skipped.There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapRDNPattern {
@@ -94,16 +92,17 @@ class MapRDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattenr the DN pattern
- * @exception ELdapException If parsing error occurs.
+ * @exception ELdapException If parsing error occurs.
*/
public MapRDNPattern(String pattern)
- throws ELdapException {
+ throws ELdapException {
if (pattern == null || pattern.equals("")) {
CMS.debug(
- "MapDNPattern: null pattern");
+ "MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,15 +112,15 @@ class MapRDNPattern {
}
/**
- * Construct a DN pattern from a input stream of pattern
+ * Construct a DN pattern from a input stream of pattern
*/
- public MapRDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapRDNPattern(PushbackReader in)
+ throws ELdapException {
parse(in);
}
private void parse(PushbackReader in)
- throws ELdapException {
+ throws ELdapException {
//System.out.println("_________ begin rdn _________");
Vector<MapAVAPattern> avaPatterns = new Vector<MapAVAPattern>();
MapAVAPattern avaPattern = null;
@@ -135,18 +134,17 @@ class MapRDNPattern {
//" mAttr "+avaPattern.mAttr+
//" mValue "+avaPattern.mValue+
//" mElement "+avaPattern.mElement);
- try {
- lastChar = in.read();
+ try {
+ lastChar = in.read();
} catch (IOException e) {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == '+');
+ } while (lastChar == '+');
if (lastChar != -1) {
try {
- in.unread(lastChar); // pushback last ,
+ in.unread(lastChar); // pushback last ,
} catch (IOException e) {
throw new ELdapException(
CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
@@ -161,7 +159,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getReqAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
reqAttrs.addElement(avaAttr);
}
@@ -173,7 +171,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getCertAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
certAttrs.addElement(avaAttr);
}
@@ -183,16 +181,17 @@ class MapRDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ throws ELdapException {
StringBuffer formedRDN = new StringBuffer();
for (int i = 0; i < mAVAPatterns.length; i++) {
- if (mTestDN != null)
+ if (mTestDN != null)
mAVAPatterns[i].mTestDN = mTestDN;
String ava = mAVAPatterns[i].formAVA(req, subject, ext);
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
index b1d10902..cddc589b 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.util.Locale;
import java.util.Vector;
@@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* No Map
- *
+ *
* @version $Revision$, $Date$
*/
public class NoMap implements ILdapMapper, IExtendedPluginInfo {
@@ -56,14 +54,14 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
}
public IConfigStore getConfigStore() {
- return mConfig;
+ return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
mConfig = config;
}
@@ -71,17 +69,17 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
* Maps a X500 subject name to LDAP entry.
* Uses DN pattern to form a DN for a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ throws ELdapException {
return null;
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
index f0154e44..aa49225c 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
@@ -47,10 +46,10 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-/**
+/**
* This publisher writes certificate and CRL into
* a directory.
- *
+ *
* @version $Revision$, $Date$
*/
public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -74,10 +73,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
protected String mLinkExt = null;
protected int mZipLevel = 9;
- public void setIssuingPointId(String crlIssuingPointId)
- {
+ public void setIssuingPointId(String crlIssuingPointId) {
mCrlIssuingPointId = crlIssuingPointId;
}
+
/**
* Returns the implementation name.
*/
@@ -99,14 +98,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
PROP_DER + ";boolean;Store certificates or CRLs into *.der files.",
PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.",
PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
- PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.",
+ PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.",
PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
PROP_ZIP + ";boolean;Generate compressed CRLs.",
PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-filepublisher",
+ ";configuration-ldappublish-publisher-filepublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
+ ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
};
return params;
@@ -139,14 +138,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
if (mTimeStamp == null || (!mTimeStamp.equals("GMT")))
mTimeStamp = "LocalTime";
- v.addElement(PROP_DIR+"=" + dir);
- v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true));
- v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false));
- v.addElement(PROP_GMT+"=" + mTimeStamp);
- v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false));
- v.addElement(PROP_EXT+"=" + ext);
- v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false));
- v.addElement(PROP_LEV+"=" + mZipLevel);
+ v.addElement(PROP_DIR + "=" + dir);
+ v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true));
+ v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false));
+ v.addElement(PROP_GMT + "=" + mTimeStamp);
+ v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false));
+ v.addElement(PROP_EXT + "=" + ext);
+ v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false));
+ v.addElement(PROP_LEV + "=" + mZipLevel);
} catch (Exception e) {
}
return v;
@@ -158,14 +157,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
public Vector<String> getDefaultParams() {
Vector<String> v = new Vector<String>();
- v.addElement(PROP_DIR+"=");
- v.addElement(PROP_DER+"=true");
- v.addElement(PROP_B64+"=false");
- v.addElement(PROP_GMT+"=LocalTime");
- v.addElement(PROP_LNK+"=false");
- v.addElement(PROP_EXT+"=");
- v.addElement(PROP_ZIP+"=false");
- v.addElement(PROP_LEV+"=9");
+ v.addElement(PROP_DIR + "=");
+ v.addElement(PROP_DER + "=true");
+ v.addElement(PROP_B64 + "=false");
+ v.addElement(PROP_GMT + "=LocalTime");
+ v.addElement(PROP_LNK + "=false");
+ v.addElement(PROP_EXT + "=");
+ v.addElement(PROP_ZIP + "=false");
+ v.addElement(PROP_LEV + "=9");
return v;
}
@@ -193,7 +192,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
// convert to forward slash
- dir = dir.replace('\\', '/');
+ dir = dir.replace('\\', '/');
config.putString(PROP_DIR, dir);
File dirCheck = new File(dir);
@@ -209,7 +208,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (Exception e) {
throw new RuntimeException("Invalid Instance Dir " + e);
}
- dirCheck = new File(mInstanceRoot +
+ dirCheck = new File(mInstanceRoot +
File.separator + dir);
if (dirCheck.isDirectory()) {
mDir = mInstanceRoot + File.separator + dir;
@@ -224,7 +223,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) {
- String[] namePrefix = {"crl", "crl"};
+ String[] namePrefix = { "crl", "crl" };
if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) {
namePrefix[0] = mCrlIssuingPointId;
@@ -232,10 +231,11 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss");
TimeZone tz = TimeZone.getTimeZone("GMT");
- if (useGMT) format.setTimeZone(tz);
+ if (useGMT)
+ format.setTimeZone(tz);
String timeStamp = format.format(crl.getThisUpdate()).toString();
namePrefix[0] += "-" + timeStamp;
- if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) {
+ if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {
namePrefix[0] += "-delta";
namePrefix[1] += "-delta";
}
@@ -243,23 +243,23 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
return namePrefix;
}
- private void createLink(String linkName, String fileName) {
+ private void createLink(String linkName, String fileName) {
String cmd = "ln -s " + fileName + " " + linkName + ".new";
if (com.netscape.cmsutil.util.Utils.exec(cmd)) {
File oldLink = new File(linkName + ".old");
- if (oldLink.exists()) { // remove old link if exists
+ if (oldLink.exists()) { // remove old link if exists
oldLink.delete();
}
File link = new File(linkName);
- if (link.exists()) { // current link becomes an old link
+ if (link.exists()) { // current link becomes an old link
link.renameTo(new File(linkName + ".old"));
}
File newLink = new File(linkName + ".new");
- if (newLink.exists()) { // new link becomes current link
+ if (newLink.exists()) { // new link becomes current link
newLink.renameTo(new File(linkName));
}
oldLink = new File(linkName + ".old");
- if (oldLink.exists()) { // remove a new old link
+ if (oldLink.exists()) { // remove a new old link
oldLink.delete();
}
} else {
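Review bot: `createLink` builds its command by concatenation, `"ln -s " + fileName + " " + linkName + ".new"`, and both paths are assembled from the configured directory and the CRL issuing point id, so a space or shell metacharacter in either would split or alter the command (how `Utils.exec` runs the string is not visible here). If the build targets Java 7 or later, `Files.createSymbolicLink(Paths.get(linkName + ".new"), Paths.get(fileName));` avoids the external process entirely; otherwise pass the arguments as an array rather than one string. The `delete()` and `renameTo()` results in the rotation steps are also ignored, so a half-finished swap goes unreported. The method body continues past the end of this hunk.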
@@ -270,38 +270,36 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
/**
* Publishs a object to the ldap directory.
*
- * @param conn a Ldap connection
- * (null if LDAP publishing is not enabled)
+ * @param conn a Ldap connection
+ * (null if LDAP publishing is not enabled)
* @param dn dn of the ldap entry to publish cert
- * (null if LDAP publishing is not enabled)
+ * (null if LDAP publishing is not enabled)
* @param object object to publish
- * (java.security.cert.X509Certificate or,
- * java.security.cert.X509CRL)
+ * (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
*/
public void publish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("FileBasedPublisher: publish");
try {
if (object instanceof X509Certificate) {
X509Certificate cert = (X509Certificate) object;
BigInteger sno = cert.getSerialNumber();
String name = mDir +
- File.separator + "cert-" +
- sno.toString();
- if (mDerAttr)
- {
+ File.separator + "cert-" +
+ sno.toString();
+ if (mDerAttr) {
String fileName = name + ".der";
FileOutputStream fos = new FileOutputStream(fileName);
fos.write(cert.getEncoded());
fos.close();
}
- if (mB64Attr)
- {
+ if (mB64Attr) {
String fileName = name + ".b64";
FileOutputStream fos = new FileOutputStream(fileName);
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 =
- new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
+ new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
b64.write(cert.getEncoded());
b64.flush();
(new PrintStream(fos)).print(output.toString("8859_1"));
@@ -314,7 +312,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
String tempFile = baseName + ".temp";
FileOutputStream fos;
ZipOutputStream zos;
- byte [] encodedArray = null;
+ byte[] encodedArray = null;
File destFile = null;
String destName = null;
File renameFile = null;
@@ -325,16 +323,16 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
fos.write(encodedArray);
fos.close();
if (mZipCRL) {
- zos = new ZipOutputStream(new FileOutputStream(baseName+".zip"));
+ zos = new ZipOutputStream(new FileOutputStream(baseName + ".zip"));
zos.setLevel(mZipLevel);
- zos.putNextEntry(new ZipEntry(baseName+".der"));
+ zos.putNextEntry(new ZipEntry(baseName + ".der"));
zos.write(encodedArray, 0, encodedArray.length);
zos.closeEntry();
zos.close();
}
destName = baseName + ".der";
destFile = new File(destName);
-
+
if (destFile.exists())
destFile.delete();
renameFile = new File(tempFile);
@@ -348,58 +346,57 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
linkExt += "der";
}
String linkName = mDir + File.separator + namePrefix[1] + linkExt;
- createLink(linkName, destName);
+ createLink(linkName, destName);
if (mZipCRL) {
linkName = mDir + File.separator + namePrefix[1] + ".zip";
- createLink(linkName, baseName+".zip");
+ createLink(linkName, baseName + ".zip");
}
}
}
-
+
// output base64 file
- if(mB64Attr==true)
- {
- if (encodedArray ==null)
- encodedArray = crl.getEncoded();
-
- ByteArrayOutputStream os = new ByteArrayOutputStream();
-
- fos = new FileOutputStream(tempFile);
- fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
- fos.close();
- destName = baseName + ".b64";
- destFile = new File(destName);
-
- if(destFile.exists())
- destFile.delete();
- renameFile = new File(tempFile);
- renameFile.renameTo(destFile);
- }
+ if (mB64Attr == true) {
+ if (encodedArray == null)
+ encodedArray = crl.getEncoded();
+
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+
+ fos = new FileOutputStream(tempFile);
+ fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
+ fos.close();
+ destName = baseName + ".b64";
+ destFile = new File(destName);
+
+ if (destFile.exists())
+ destFile.delete();
+ renameFile = new File(tempFile);
+ renameFile.renameTo(destFile);
+ }
}
} catch (IOException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
} catch (CertificateEncodingException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
} catch (CRLException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
}
}
/**
* Unpublishs a object to the ldap directory.
- *
+ *
* @param conn the Ldap connection
- * (null if LDAP publishing is not enabled)
+ * (null if LDAP publishing is not enabled)
* @param dn dn of the ldap entry to unpublish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to unpublish
- * (java.security.cert.X509Certificate)
+ * (null if LDAP publishing is not enabled)
+ * @param object object to unpublish
+ * (java.security.cert.X509Certificate)
*/
public void unpublish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("FileBasedPublisher: unpublish");
String name = mDir + File.separator;
String fileName;
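Review bot: In the base64 branch the existing `.b64` file is deleted before `renameFile.renameTo(destFile)`, and neither return value is checked, so a failed rename leaves no published CRL on disk and nothing in the log. Checking the result, e.g. `if (!renameFile.renameTo(destFile)) throw new IOException("rename failed: " + destName);`, would route the failure into the existing `catch (IOException e)` logging. In the same block, `getBytes()` depends on the platform charset and the local `os` is never used. All three catch clauses only log, so callers of `publish` cannot tell that a CRL was not written. `publish` begins outside this hunk.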
@@ -425,13 +422,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
f = new File(fileName);
f.delete();
}
- /**
+
+ /**
* returns the Der attribute where it'll be published.
*/
public boolean getDerAttr() {
return mDerAttr;
}
- /**
+
+ /**
* returns the B64 attribute where it'll be published.
*/
public boolean getB64Attr() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
index 4727a690..ac1d2602 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for publishing a CA certificate to
- *
+/**
+ * Interface for publishing a CA certificate to
+ *
* @version $Revision$, $Date$
*/
-public class LdapCaCertPublisher
- implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCaCertPublisher
+ implements ILdapPublisher, IExtendedPluginInfo {
public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -64,7 +62,6 @@ public class LdapCaCertPublisher
private boolean mInited = false;
protected IConfigStore mConfig = null;
private String mcrlIssuingPointId;
-
/**
* constructor constructs default values.
@@ -76,13 +73,13 @@ public class LdapCaCertPublisher
String s[] = {
"caCertAttr;string;Name of Ldap attribute in which to store certificate",
"caObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be " +
- "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ "added to this entry, if they do not already exist. This can be " +
+ "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-cacertpublisher",
+ ";configuration-ldappublish-publisher-cacertpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish the CA cert to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
+ ";This plugin knows how to publish the CA cert to " +
+ "'certificateAuthority' and 'pkiCA' -type entries"
};
return s;
@@ -117,12 +114,12 @@ public class LdapCaCertPublisher
}
public void init(IConfigStore config)
- throws EBaseException {
- if (mInited)
+ throws EBaseException {
+ if (mInited)
return;
mConfig = config;
mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
+ mCaObjectclass = mConfig.getString("caObjectClass",
LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -155,12 +152,13 @@ public class LdapCaCertPublisher
* Adds the cert to the multi-valued certificate attribute as a
* DER encoded binary blob. Does not check if cert already exists.
* Converts the class to certificateAuthority.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection");
return;
@@ -176,31 +174,30 @@ public class LdapCaCertPublisher
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig.getString("version", "2"));
+ String cert_nick = mConfig.getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal,
+ version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
-
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
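Review bot: When `clientCertNickname` is not configured, `sslSocket` stays null while `bindDN`/`bindPWD` are still passed to `CMS.getBoundConnection`, which presumably results in a simple bind without TLS (the helper is not shown, so this needs confirming). A failure to open the alternate connection is only reported with `CMS.debug`, and publishing then continues on the caller's `conn`, so a misconfigured alternate directory goes unnoticed. `Integer.parseInt(port)` can also throw `NumberFormatException`, which neither catch clause handles. Reporting the failure with `log(ILogger.LL_FAILURE, ...)` and documenting the transport expected for the `host`/`port` settings would make this path auditable. `publish` starts before and continues after this hunk.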
@@ -210,40 +207,40 @@ public class LdapCaCertPublisher
byte[] certEnc = cert.getEncoded();
/* search for attribute names to determine existence of attributes */
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
/* search for objectclass and caCert values */
- LDAPSearchResults res1 =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { "objectclass", mCaCertAttr }, false);
+ LDAPSearchResults res1 =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { "objectclass", mCaCertAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
LDAPAttribute certs = entry1.getAttribute(mCaCertAttr);
- boolean hasCert =
- LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+ boolean hasCert =
+ LdapUserCertPublisher.ByteValueExists(certs, certEnc);
LDAPModificationSet modSet = new LDAPModificationSet();
if (hasCert) {
log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert");
- } else {
+ } else {
/*
fix for 360458 - if no cert, use add, if has cert but
not equal, use replace
*/
if (certs == null) {
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mCaCertAttr, certEnc));
log(ILogger.LL_INFO, "CA cert added");
} else {
- modSet.add(LDAPModification.REPLACE,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ modSet.add(LDAPModification.REPLACE,
+ new LDAPAttribute(mCaCertAttr, certEnc));
log(ILogger.LL_INFO, "CA cert replaced");
}
}
@@ -251,22 +248,22 @@ public class LdapCaCertPublisher
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (!hasoc) {
log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ new LDAPAttribute("objectclass", oc));
if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
+ if (arls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ new LDAPAttribute(LDAP_ARL_ATTR, ""));
if (crls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ new LDAPAttribute(LDAP_CRL_ATTR, ""));
attrsAdded = true;
}
}
@@ -275,15 +272,15 @@ public class LdapCaCertPublisher
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
- }
+ }
}
if (!match && hasoc) {
log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn);
@@ -294,7 +291,7 @@ public class LdapCaCertPublisher
}
// reset mObjAdded and mObjDeleted, if needed
- if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
+ if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
mObjAdded = "";
mObjDeleted = "";
mConfig.putString("caObjectClassAdded", "");
@@ -305,8 +302,9 @@ public class LdapCaCertPublisher
log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
}
}
-
- if (modSet.size() > 0) conn.modify(dn, modSet);
+
+ if (modSet.size() > 0)
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -315,20 +313,20 @@ public class LdapCaCertPublisher
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
return;
@@ -340,7 +338,7 @@ public class LdapCaCertPublisher
* objectclass.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
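Review bot: The argument check in `unpublish` throws `IllegalArgumentException("Illegal arg to publish")`, which names the wrong operation and will mislead anyone reading a stack trace from a failed removal. I would change it to `throw new IllegalArgumentException("Illegal arg to unpublish");`. The same string appears in LdapCertSubjPublisher.unpublish (hunk `@@ -230,7 +229,7`). Unlike the `publish` methods on this page, no null check on `conn` is visible before it is used, although the body continues outside this hunk.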
@@ -355,16 +353,16 @@ public class LdapCaCertPublisher
try {
byte[] certEnc = cert.getEncoded();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCaCertAttr, "objectclass" }, false);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mCaCertAttr, "objectclass" }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCaCertAttr);
LDAPAttribute ocs = entry.getAttribute("objectclass");
- boolean hasCert =
- LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+ boolean hasCert =
+ LdapUserCertPublisher.ByteValueExists(certs, certEnc);
if (!hasCert) {
log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already");
@@ -376,22 +374,22 @@ public class LdapCaCertPublisher
LDAPModificationSet modSet = new LDAPModificationSet();
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ new LDAPAttribute(mCaCertAttr, certEnc));
if (certs.size() == 1) {
// if last ca cert, remove oc also.
- String[] oclist = mCaObjectclass.split(",");
- for (int i =0 ; i < oclist.length; i++) {
+ String[] oclist = mCaObjectclass.split(",");
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (hasOC) {
log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn);
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", oc));
+ new LDAPAttribute("objectclass", oc));
}
- }
+ }
}
- conn.modify(dn, modSet);
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn);
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -400,7 +398,7 @@ public class LdapCaCertPublisher
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -415,7 +413,7 @@ public class LdapCaCertPublisher
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCaPublisher: " + msg);
+ "LdapCaPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
index 50cfd7c5..791b8acc 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
* Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate.
- *
+ * there is one subject name value for each certificate.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjPublisher implements ILdapPublisher {
@@ -97,19 +95,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
- mCertAttr = mConfig.getString("certAttr",
+ mCertAttr = mConfig.getString("certAttr",
LdapUserCertPublisher.LDAP_USERCERT_ATTR);
- mSubjNameAttr = mConfig.getString("certSubjectName",
+ mSubjNameAttr = mConfig.getString("certSubjectName",
LDAP_CERTSUBJNAME_ATTR);
mInited = true;
}
/**
- * constrcutor using specified certificate attribute and
+ * constrcutor using specified certificate attribute and
* certificate subject name attribute.
*/
public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
@@ -138,15 +136,16 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
* Adds the cert to the multi-valued certificate attribute as a
* DER encoded binary blob. Does not check if cert already exists.
* Then adds the subject name of the cert to the subject name attribute.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
- * @exception ELdapException if cert or subject name already exists,
- * if cert encoding fails, if getting cert subject name fails.
- * Use ELdapException.getException() to find underlying exception.
+ * @param certObj the certificate object.
+ * @exception ELdapException if cert or subject name already exists,
+ * if cert encoding fails, if getting cert subject name fails.
+ * Use ELdapException.getException() to find underlying exception.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
return;
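Review bot: The Javadoc on `publish` no longer matches the method. It says "Does not check if cert already exists" and documents an `ELdapException` when the cert or subject name already exists, but the body in the later hunks tests `hasCert` and `hasSubjname`, returns quietly when both are present, and adds only what is missing. I would reword the summary to `Adds the cert and its subject name to the entry if they are not already present.` and drop the "already exists" case from the `@exception` text. The silent `return` on a null `conn`, logged only at LL_INFO, also deserves a sentence, since the caller cannot tell that nothing was published. The comment opens above this hunk and the method body continues after it.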
@@ -162,9 +161,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCertAttr, mSubjNameAttr }, false);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -177,14 +176,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// check if has subject name already.
if (subjnames != null) {
- hasSubjname =
+ hasSubjname =
LdapUserCertPublisher.StringValueExists(subjnames, subjName);
}
// if has both, done.
if (hasCert && hasSubjname) {
- log(ILogger.LL_INFO,
- "publish: " + subjName + " already has cert & subject name");
+ log(ILogger.LL_INFO,
+ "publish: " + subjName + " already has cert & subject name");
return;
}
@@ -193,14 +192,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
if (!hasCert) {
log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mCertAttr, certEnc));
}
// add subject name if not already there.
if (!hasSubjname) {
log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mSubjNameAttr, subjName));
}
conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
@@ -211,7 +210,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -230,7 +229,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
* with the same subject name.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -242,9 +241,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCertAttr, mSubjNameAttr }, false);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -266,8 +265,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
try {
X509CertImpl certval = new X509CertImpl(val);
// XXX use some sort of X500name equals function here.
- String subjnam =
- ((X500Name) certval.getSubjectDN()).toLdapDNString();
+ String subjnam =
+ ((X500Name) certval.getSubjectDN()).toLdapDNString();
if (subjnam.equalsIgnoreCase(subjName)) {
hasAnotherCert = true;
@@ -275,25 +274,25 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
} catch (CertificateEncodingException e) {
// ignore this certificate.
CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
} catch (CertificateException e) {
// ignore this certificate.
CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
}
}
}
// check if doesn't have subject name already.
if (subjnames != null) {
- hasSubjname =
+ hasSubjname =
LdapUserCertPublisher.StringValueExists(subjnames, subjName);
}
// if doesn't have both, done.
if (!hasCert && !hasSubjname) {
- log(ILogger.LL_INFO,
- "unpublish: " + subjName + " already has not cert & subjname");
+ log(ILogger.LL_INFO,
+ "unpublish: " + subjName + " already has not cert & subjname");
return;
}
@@ -301,19 +300,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
LDAPModificationSet modSet = new LDAPModificationSet();
if (hasCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting cert " + subjName + " from " + dn);
+ log(ILogger.LL_INFO,
+ "unpublish: deleting cert " + subjName + " from " + dn);
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ new LDAPAttribute(mCertAttr, certEnc));
}
// delete subject name if no other cert has the same name.
if (hasSubjname && !hasAnotherCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting subject name " + subjName + " from " + dn);
+ log(ILogger.LL_INFO,
+ "unpublish: deleting subject name " + subjName + " from " + dn);
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ new LDAPAttribute(mSubjNameAttr, subjName));
}
- conn.modify(dn, modSet);
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -325,7 +324,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -337,7 +336,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjPublisher: " + msg);
+ "LdapCertSubjPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index e4a7e0b7..152a1efb 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.util.Locale;
import java.util.Vector;
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
+/**
* module for publishing a cross certificate pair to ldap
* crossCertificatePair attribute
- *
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertificatePairPublisher
- implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCertificatePairPublisher
+ implements ILdapPublisher, IExtendedPluginInfo {
public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -73,13 +71,13 @@ public class LdapCertificatePairPublisher
String s[] = {
"crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
"caObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be " +
- "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ "added to this entry, if they do not already exist. This can be " +
+ "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crosscertpairpublisher",
+ ";configuration-ldappublish-publisher-crosscertpairpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish the CA cert to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
+ ";This plugin knows how to publish the CA cert to " +
+ "'certificateAuthority' and 'pkiCA' -type entries"
};
return s;
@@ -118,12 +116,12 @@ public class LdapCertificatePairPublisher
}
public void init(IConfigStore config)
- throws EBaseException {
- if (mInited)
+ throws EBaseException {
+ if (mInited)
return;
mConfig = config;
mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
+ mCaObjectclass = mConfig.getString("caObjectClass",
LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -154,26 +152,28 @@ public class LdapCertificatePairPublisher
/**
* publish a certificatePair
- * -should not be called from listeners.
+ * -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
- * @param pair the Xcertificate bytes object.
+ * @param pair the Xcertificate bytes object.
*/
public synchronized void publish(LDAPConnection conn, String dn, Object pair)
- throws ELdapException {
+ throws ELdapException {
publish(conn, dn, (byte[]) pair);
}
/**
* publish a certificatePair
- * -should not be called from listeners.
+ * -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
* @param pair the cross cert bytes
*/
public synchronized void publish(LDAPConnection conn, String dn,
- byte[] pair)
- throws ELdapException {
+ byte[] pair)
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
@@ -189,17 +189,17 @@ public class LdapCertificatePairPublisher
try {
// search for attributes to determine if they exist
LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
// search for objectclass and crosscertpair attributes and values
- LDAPSearchResults res1 =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { "objectclass", mCrossCertPairAttr }, false);
+ LDAPSearchResults res1 =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { "objectclass", mCrossCertPairAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
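Review bot: `certPairs` is read back with the literal `"crosscertificatepair;binary"`, while the search just above requests `mCrossCertPairAttr`. With a non-default `crossCertPairAttr` setting the lookup would presumably return null, and the duplicate check that follows would never match. Reading the attribute by the configured name keeps the two in step: `LDAPAttribute certPairs = entry1.getAttribute(mCrossCertPairAttr);`. The entries returned by `res.next()` and `res1.next()` are also dereferenced without a null check. The method starts before this hunk and continues after it.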
@@ -207,53 +207,53 @@ public class LdapCertificatePairPublisher
LDAPModificationSet modSet = new LDAPModificationSet();
boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
- if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
+ if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
return;
}
if (hasCert) {
log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
} else {
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCrossCertPairAttr, pair));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mCrossCertPairAttr, pair));
log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
}
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (!hasoc) {
log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ new LDAPAttribute("objectclass", oc));
if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
+ if (arls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ new LDAPAttribute(LDAP_ARL_ATTR, ""));
if (crls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ new LDAPAttribute(LDAP_CRL_ATTR, ""));
if (certs == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(LDAP_CACERT_ATTR, ""));
attrsAdded = true;
}
}
- }
+ }
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
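Review bot: The condition `if (LdapUserCertPublisher.ByteValueExists(certPairs, pair))` repeats the call whose result was stored in `hasCert` one line earlier. Because that block returns, the `if (hasCert)` branch below it can never run. Testing the stored value with `if (hasCert) {` and deleting the unreachable branch would state the check once. The early return also skips the objectclass additions and deletions further down in this hunk when the pair is already present. LdapCaCertPublisher.publish only logs in that case and carries on, so it is worth confirming the difference is intended; the method starts before this hunk and continues after it.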
@@ -280,14 +280,15 @@ public class LdapCertificatePairPublisher
}
}
- if (modSet.size() > 0) conn.modify(dn, modSet);
+ if (modSet.size() > 0)
+ conn.modify(dn, modSet);
CMS.debug("LdapCertificatePairPublisher: in publish() just published");
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -301,7 +302,7 @@ public class LdapCertificatePairPublisher
* unsupported
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
}
@@ -310,7 +311,7 @@ public class LdapCertificatePairPublisher
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertificatePairPublisher: " + msg);
+ "LdapCertificatePairPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 22dc1294..07b62e90 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.util.Locale;
@@ -42,9 +41,8 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
/**
- * For publishing master or global CRL.
+ * For publishing master or global CRL.
* Publishes (replaces) the CRL in the CA's LDAP entry.
*
* @version $Revision$, $Date$
@@ -82,14 +80,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
String[] params = {
"crlAttr;string;Name of Ldap attribute in which to store the CRL",
"crlObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be a comma-" +
- "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
- "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
+ "added to this entry, if they do not already exist. This can be a comma-" +
+ "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
+ "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crlpublisher",
+ ";configuration-ldappublish-publisher-crlpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish CRL's to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
+ ";This plugin knows how to publish CRL's to " +
+ "'certificateAuthority' and 'pkiCA' -type entries"
};
return params;
@@ -115,14 +113,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
mCrlObjectClass = mConfig.getString("crlObjectClass",
- LDAP_CRL_OBJECTCLASS);
+ LDAP_CRL_OBJECTCLASS);
mObjAdded = mConfig.getString("crlObjectClassAdded", "");
mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
@@ -146,7 +144,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
* CRL's are published as a DER encoded blob.
*/
public void publish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
return;
@@ -162,28 +160,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig.getString("version", "2"));
+ String cert_nick = mConfig.getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal,
+ version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
try {
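Review bot: When the alternate connection cannot be created, both `catch` blocks only call `CMS.debug("Failed to create alt connection " + e)` and the method goes on to publish the CRL over the caller's `conn`. The CRL can then land in a directory other than the configured `host`/`port`, with nothing in the system log to show it. I would log at failure level with `log(ILogger.LL_FAILURE, "Failed to create alt connection " + e);` and, unless the fallback is deliberate, stop with `throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));`. `Integer.parseInt(port)` and the `version` parse can also throw `NumberFormatException`, which neither `catch` covers. `publish` starts before this hunk and continues after it.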
@@ -194,10 +192,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPSearchResults res = null;
if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
} else {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
}
LDAPEntry entry = res.next();
@@ -216,26 +214,26 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
String[] oclist = mCrlObjectClass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (!hasoc) {
log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ new LDAPAttribute("objectclass", oc));
if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
if (arls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ new LDAPAttribute(LDAP_ARL_ATTR, ""));
if (certs == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ new LDAPAttribute(LDAP_CACERT_ATTR, ""));
- if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
+ if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ new LDAPAttribute(LDAP_CRL_ATTR, ""));
attrsAdded = true;
}
}
@@ -246,11 +244,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
@@ -275,7 +273,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (Exception e) {
log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
}
- }
+ }
conn.modify(dn, modSet);
} catch (CRLException e) {
@@ -286,31 +284,31 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
}
/**
- * There shouldn't be a need to call this.
- * CRLs are always replaced but this is implemented anyway in case
+ * There shouldn't be a need to call this.
+ * CRLs are always replaced but this is implemented anyway in case
* there is ever a reason to remove a global CRL.
*/
public void unpublish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
try {
byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
@@ -320,7 +318,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (EBaseException e) {
}
-
LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
LDAPEntry e = res.next();
@@ -330,21 +327,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPModificationSet modSet = new LDAPModificationSet();
boolean hasOC = false;
- boolean hasCRL =
- LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
+ boolean hasCRL =
+ LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
if (hasCRL) {
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCrlAttr, crlEnc));
+ modSet.add(LDAPModification.DELETE,
+ new LDAPAttribute(mCrlAttr, crlEnc));
}
-
+
String[] oclist = mCrlObjectClass.split(",");
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectClass", oc));
+ modSet.add(LDAPModification.DELETE,
+ new LDAPAttribute("objectClass", oc));
hasOC = true;
}
}
@@ -353,7 +350,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
conn.modify(dn, modSet);
} else {
log(ILogger.LL_INFO,
- "unpublish: " + dn + " already has not CRL");
+ "unpublish: " + dn + " already has not CRL");
}
} catch (CRLException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -363,7 +360,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -375,6 +372,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlPublisher: " + msg);
+ "LdapCrlPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
index f4dcbb3c..ee2bff33 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -51,10 +50,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ *
* @version $Revision$, $Date$
*/
public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -82,9 +80,9 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
String[] params = {
"certAttr;string;LDAP attribute in which to store the certificate",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-usercertpublisher",
+ ";configuration-ldappublish-publisher-usercertpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish user certificates"
+ ";This plugin knows how to publish user certificates"
};
return params;
@@ -110,7 +108,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
@@ -130,10 +128,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
*
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return;
@@ -147,7 +145,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
byte[] certEnc = cert.getEncoded();
// check if cert already exists.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc);
@@ -160,7 +158,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
// publish
LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString());
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -169,7 +167,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
@@ -180,12 +178,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
/**
- * unpublish a user certificate
+ * unpublish a user certificate
* deletes the certificate from the list of certificates.
* does not check if certificate is already there.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -195,7 +193,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
byte[] certEnc = cert.getEncoded();
// check if cert already deleted.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -207,7 +205,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute(mCertAttr, certEnc));
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -216,7 +214,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -228,11 +226,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapUserCertPublisher: " + msg);
+ "LdapUserCertPublisher: " + msg);
}
public LDAPAttribute getModificationAttribute(
- LDAPAttribute attr, byte[] bval) {
+ LDAPAttribute attr, byte[] bval) {
LDAPAttribute at = new LDAPAttribute(attr.getName(), bval);
// determine if the given cert is a signing or an encryption
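Review bot: The log prefix in `log()` still reads `"LdapUserCertPublisher: "` although this file is LdapEncryptCertPublisher, so system-log entries from this publisher are attributed to the wrong class. That matters when tracing which publisher replaced or revoked a certificate. Change the line to `"LdapEncryptCertPublisher: " + msg`. The getModificationAttribute body that follows continues outside this hunk.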
@@ -248,7 +246,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
@SuppressWarnings("unchecked")
- Enumeration<byte[]> vals = attr.getByteValues();
+ Enumeration<byte[]> vals = attr.getByteValues();
byte[] val = null;
while (vals.hasMoreElements()) {
@@ -258,12 +256,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
log(ILogger.LL_INFO, "Checking " + cert);
if (CMS.isEncryptionCert(thisCert) &&
- CMS.isEncryptionCert(cert)) {
+ CMS.isEncryptionCert(cert)) {
// skip
log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert);
revokeCert(cert);
} else if (CMS.isSigningCert(thisCert) &&
- CMS.isSigningCert(cert)) {
+ CMS.isSigningCert(cert)) {
// skip
log(ILogger.LL_INFO, "SKIP SIGNING " + cert);
revokeCert(cert);
@@ -278,8 +276,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
private RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
+ BigInteger serialNo, RevocationReason reason)
+ throws EBaseException {
CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
CRLExtensions crlentryexts = new CRLExtensions();
@@ -291,13 +289,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, new Date(), crlentryexts);
+ new RevokedCertImpl(serialNo, new Date(), crlentryexts);
return crlentry;
}
private void revokeCert(X509CertImpl cert)
- throws EBaseException {
+ throws EBaseException {
try {
if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) {
return;
@@ -308,7 +306,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
BigInteger serialNum = cert.getSerialNumber();
// need to revoke certificate also
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
+ CMS.getSubsystem("ca");
ICAService service = (ICAService) ca.getCAService();
RevokedCertImpl crlEntry = formCRLEntry(
serialNum, RevocationReason.KEY_COMPROMISE);
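Review bot: `formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE)` records key compromise as the reason although, judging by the other hunks of this file, revokeCert is reached only because a newer encryption or signing certificate is replacing the one stored in the entry. Relying parties treat key compromise differently from routine replacement, so the reason code should reflect the actual cause. If RevocationReason offers a superseded value, use it here; otherwise add a comment explaining why key compromise is intended. revokeCert starts and ends outside this hunk.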
@@ -324,7 +322,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
return false;
}
@SuppressWarnings("unchecked")
- Enumeration<byte[]> vals = attr.getByteValues();
+ Enumeration<byte[]> vals = attr.getByteValues();
byte[] val = null;
while (vals.hasMoreElements()) {
@@ -344,7 +342,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
return false;
}
@SuppressWarnings("unchecked")
- Enumeration<String> vals = attr.getStringValues();
+ Enumeration<String> vals = attr.getStringValues();
String val = null;
while (vals.hasMoreElements()) {
@@ -357,4 +355,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index f612d005..aa1a7ef7 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ *
* @version $Revision$, $Date$
*/
public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -72,9 +70,9 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
String[] params = {
"certAttr;string;LDAP attribute in which to store the certificate",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-usercertpublisher",
+ ";configuration-ldappublish-publisher-usercertpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish user certificates"
+ ";This plugin knows how to publish user certificates"
};
return params;
@@ -100,7 +98,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
@@ -119,10 +117,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
*
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return;
@@ -130,28 +128,28 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig.getString("version", "2"));
+ String cert_nick = mConfig.getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal,
+ version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
if (!(certObj instanceof X509Certificate))
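Review bot: When the alternate connection cannot be built, both catch blocks only call `CMS.debug("Failed to create alt connection " + e)` and publishing then carries on over the caller's `conn`, so a wrong bindDN/bindPWD or an unreachable configured host silently sends the certificate to a different directory than the one configured. `Integer.parseInt(port)` and the `version` parse can also throw NumberFormatException, which neither catch handles. Report these at LL_FAILURE through `log(...)` and throw ELdapException instead of falling back, catching NumberFormatException alongside. publish continues outside this hunk.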
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already exists.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -181,23 +179,23 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// publish
LDAPModification mod = null;
if (deleteCert) {
- mod = new LDAPModification(LDAPModification.REPLACE,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.REPLACE,
+ new LDAPAttribute(mCertAttr, certEnc));
} else {
- mod = new LDAPModification(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.ADD,
+ new LDAPAttribute(mCertAttr, certEnc));
}
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
// log a successful message to the "transactions" log
- mLogger.log( ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_LDAP,
ILogger.LL_INFO,
AuditFormat.LDAP_PUBLISHED_FORMAT,
new Object[] { "LdapUserCertPublisher",
cert.getSerialNumber().toString(16),
- cert.getSubjectDN() } );
+ cert.getSubjectDN() });
} catch (CertificateEncodingException e) {
CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -206,31 +204,31 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
return;
}
/**
- * unpublish a user certificate
+ * unpublish a user certificate
* deletes the certificate from the list of certificates.
* does not check if certificate is already there.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
boolean disableUnpublish = false;
try {
@@ -239,8 +237,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
if (disableUnpublish) {
- CMS.debug("UserCertPublisher: disable unpublish");
- return;
+ CMS.debug("UserCertPublisher: disable unpublish");
+ return;
}
if (!(certObj instanceof X509Certificate))
@@ -252,7 +250,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already deleted.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -264,7 +262,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute(mCertAttr, certEnc));
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -273,7 +271,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
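Review bot: In the else branch, `CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")` is called without the exception text, whereas the CertificateEncodingException branch in the preceding hunk and the same branch in LdapEncryptCertPublisher and LdapCrlPublisher pass `e.toString()`. The LDAP error that caused the unpublish failure therefore never reaches the log. Make it `log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));`. The catch block starts and ends outside this hunk.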
@@ -285,7 +283,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapUserCertPublisher: " + msg);
+ "LdapUserCertPublisher: " + msg);
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
index ad37a666..551bb4d6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.DataInputStream;
import java.io.IOException;
import java.io.OutputStream;
@@ -42,11 +41,10 @@ import com.netscape.certsrv.publish.ILdapPublisher;
import com.netscape.cmsutil.http.HttpRequest;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
-
-/**
+/**
* This publisher writes certificate and CRL into
* a directory.
- *
+ *
* @version $Revision$, $Date$
*/
public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -86,9 +84,9 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
PROP_NICK + ";string;Nickname of cert used for client authentication",
PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-ocsppublisher",
+ ";configuration-ldappublish-publisher-ocsppublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
+ ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
};
return params;
@@ -146,11 +144,10 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
nickname = config.getString("ca.subsystem.nickname", "");
String tokenname = config.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
-
v.addElement(PROP_HOST + "=");
v.addElement(PROP_PORT + "=");
v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
@@ -178,45 +175,44 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
return mConfig;
}
- protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory)
- {
- Socket socket = null;
- StringTokenizer st = new StringTokenizer(host, " ");
- while (st.hasMoreTokens()) {
- String hp = st.nextToken(); // host:port
- StringTokenizer st1 = new StringTokenizer(hp, ":");
- String h = st1.nextToken();
- int p = Integer.parseInt(st1.nextToken());
- try {
- if (secure) {
- socket = factory.makeSocket(h, p);
- } else {
- socket = new Socket(h, p);
- }
- return socket;
- } catch (Exception e) {
- }
- try {
- Thread.sleep(5000); // 5 seconds delay
- } catch (Exception e) {
- }
- }
- return null;
+ protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) {
+ Socket socket = null;
+ StringTokenizer st = new StringTokenizer(host, " ");
+ while (st.hasMoreTokens()) {
+ String hp = st.nextToken(); // host:port
+ StringTokenizer st1 = new StringTokenizer(hp, ":");
+ String h = st1.nextToken();
+ int p = Integer.parseInt(st1.nextToken());
+ try {
+ if (secure) {
+ socket = factory.makeSocket(h, p);
+ } else {
+ socket = new Socket(h, p);
+ }
+ return socket;
+ } catch (Exception e) {
+ }
+ try {
+ Thread.sleep(5000); // 5 seconds delay
+ } catch (Exception e) {
+ }
+ }
+ return null;
}
/**
* Publishs a object to the ldap directory.
*
- * @param conn a Ldap connection
- * (null if LDAP publishing is not enabled)
+ * @param conn a Ldap connection
+ * (null if LDAP publishing is not enabled)
* @param dn dn of the ldap entry to publish cert
- * (null if LDAP publishing is not enabled)
+ * (null if LDAP publishing is not enabled)
* @param object object to publish
- * (java.security.cert.X509Certificate or,
- * java.security.cert.X509CRL)
+ * (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
*/
public synchronized void publish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
try {
if (!(object instanceof X509CRL))
return;
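Review bot: In `Connect`, `Integer.parseInt(st1.nextToken())` sits outside the try block, so a failover entry written without `:port` (the form the comment in publish gives as an example, `people.catalog.com 199.254.1.2`) throws NoSuchElementException and aborts the whole failover walk instead of moving on to the next host. Both catch blocks are also empty, so a TLS or connection failure to a given responder leaves no trace in the logs. Guard the port with `if (!st1.hasMoreTokens()) continue;` or a documented default, and log the exception with host and port before sleeping. The publish method that begins at the end of this hunk continues outside it.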
@@ -226,18 +222,18 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
// open the connection and prepare it to POST
boolean secure = true;
-
+
String host = mHost;
int port = Integer.parseInt(mPort);
String path = mPath;
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: " +
- "Host='" + host + "' Port='" + port +
- "' URL='" + path + "'");
- CMS.debug("OCSPPublisher: " +
- "Host='" + host + "' Port='" + port +
- "' URL='" + path + "'");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: " +
+ "Host='" + host + "' Port='" + port +
+ "' URL='" + path + "'");
+ CMS.debug("OCSPPublisher: " +
+ "Host='" + host + "' Port='" + port +
+ "' URL='" + path + "'");
StringBuffer query = new StringBuffer();
query.append("crl=");
@@ -256,23 +252,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
if (mHost != null && mHost.indexOf(' ') != -1) {
- // support failover hosts configuration
- // host parameter can be
- // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
- do {
- socket = Connect(mHost, secure, factory);
- } while (socket == null);
+ // support failover hosts configuration
+ // host parameter can be
+ // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+ do {
+ socket = Connect(mHost, secure, factory);
+ } while (socket == null);
} else {
- if (secure) {
- socket = factory.makeSocket(host, port);
- } else {
- socket = new Socket(host, port);
- }
+ if (secure) {
+ socket = factory.makeSocket(host, port);
+ } else {
+ socket = new Socket(host, port);
+ }
}
- if( socket == null ) {
- CMS.debug( "OCSPPublisher::publish() - socket is null!" );
- throw new ELdapException( "socket is null" );
+ if (socket == null) {
+ CMS.debug("OCSPPublisher::publish() - socket is null!");
+ throw new ELdapException("socket is null");
}
// use HttpRequest and POST
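Review bot: The failover branch `do { socket = Connect(mHost, secure, factory); } while (socket == null);` never gives up, and publish is `synchronized`, so while every listed responder is unreachable this thread keeps retrying while holding the publisher lock and blocks every other CRL push. The `socket == null` check below it is unreachable for this branch. Bound the retries, e.g. `for (int tries = 0; socket == null && tries < MAX_CONNECT_TRIES; tries++) socket = Connect(mHost, secure, factory);` with MAX_CONNECT_TRIES as a new constant, so that the existing null check can raise ELdapException. publish starts and ends outside this hunk.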
@@ -283,17 +279,17 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
httpReq.setHeader("Connection", "Keep-Alive");
httpReq.setHeader("Content-Type",
- "application/x-www-form-urlencoded");
+ "application/x-www-form-urlencoded");
httpReq.setHeader("Content-Transfer-Encoding", "7bit");
- httpReq.setHeader("Content-Length",
- Integer.toString(query.length()));
+ httpReq.setHeader("Content-Length",
+ Integer.toString(query.length()));
httpReq.setContent(query.toString());
OutputStream os = socket.getOutputStream();
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
long startTime = CMS.getCurrentDate().getTime();
CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
httpReq.write(outputStreamWriter);
@@ -301,8 +297,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
// Read the response
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: start getting response");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: start getting response");
DataInputStream dis = new DataInputStream(socket.getInputStream());
String nextline;
String line = "";
@@ -321,40 +317,40 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
dis.close();
if (status) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: successful");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: successful");
} else {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
}
-
+
} catch (IOException e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
} catch (CRLException e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
} catch (Exception e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
}
}
/**
* Unpublishs a object to the ldap directory.
- *
+ *
* @param conn the Ldap connection
- * (null if LDAP publishing is not enabled)
+ * (null if LDAP publishing is not enabled)
* @param dn dn of the ldap entry to unpublish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to unpublish
- * (java.security.cert.X509Certificate)
+ * (null if LDAP publishing is not enabled)
+ * @param object object to unpublish
+ * (java.security.cert.X509Certificate)
*/
public void unpublish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
// NOT USED
}
}
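Review bot: All three catch blocks in publish only log and return, and the `status` false branch logs `"OCSPPublisher: failed - "` at LL_INFO, so the caller cannot tell that the CRL never reached the OCSP responder, which may go on answering from a stale CRL. Rethrow after logging, for example `throw new ELdapException(CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));`, and log the rejected-by-responder case at LL_FAILURE. The three catch bodies are identical and could collapse into the single `catch (Exception e)`. publish begins outside this hunk.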
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
index d5717aad..5bd34228 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -29,10 +28,9 @@ import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Vector;
-
/**
* Publisher utility class.
- *
+ *
* @version $Revision$, $Date$
*/
public class Utils {
@@ -104,9 +102,10 @@ public class Utils {
}
return true;
}
-
+
/**
* strips out double quotes around String parameter
+ *
* @param s the string potentially bracketed with double quotes
* @return string stripped of surrounding double quotes
*/
diff --git a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
index b48af995..089793bb 100644
--- a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
+++ b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.request;
-
import java.util.Vector;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestScheduler;
-
/**
* This class represents a request scheduler that prioritizes
* the threads based on the request processing order.
@@ -37,7 +35,7 @@ public class RequestScheduler implements IRequestScheduler {
/**
* Request entered the request queue processing.
- *
+ *
* @param r request
*/
public synchronized void requestIn(IRequest r) {
@@ -51,10 +49,10 @@ public class RequestScheduler implements IRequestScheduler {
/**
* Request exited the request queue processing.
- *
+ *
* @param r request
*/
- public synchronized void requestOut(IRequest r) {
+ public synchronized void requestOut(IRequest r) {
Thread current = Thread.currentThread();
Thread first = (Thread) mRequestThreads.elementAt(0);
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
index df7f02bc..cdd86cca 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
@@ -20,7 +20,6 @@
package com.netscape.cms.selftests;
-
///////////////////////
// import statements //
///////////////////////
@@ -37,7 +36,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTest;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-
//////////////////////
// class definition //
//////////////////////
@@ -51,13 +49,11 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
* @version $Revision$, $Date$
*/
public abstract class ASelfTest
- implements ISelfTest {
+ implements ISelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
//////////////////////////
// ISelfTest parameters //
//////////////////////////
@@ -75,8 +71,6 @@ public abstract class ASelfTest
// default methods //
/////////////////////
-
-
///////////////////////
// ISelfTest methods //
///////////////////////
@@ -85,18 +79,18 @@ public abstract class ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
public void initSelfTest(ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters)
- throws EDuplicateSelfTestException,
+ String instanceName,
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
EInvalidSelfTestException,
EMissingSelfTestException {
// store individual self test class values for this instance
@@ -108,9 +102,9 @@ public abstract class ASelfTest
instanceName = instanceName.trim();
} else {
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- SELF_TEST_NAME));
+ CMS.getLogMessage(
+ "SELFTESTS_PARAMETER_WAS_NULL",
+ SELF_TEST_NAME));
throw new EMissingSelfTestException();
}
@@ -124,14 +118,14 @@ public abstract class ASelfTest
mConfig = parameters.getSubStore(pluginPath);
if ((mConfig != null) &&
- (mConfig.getName() != null) &&
- (mConfig.getName() != "")) {
+ (mConfig.getName() != null) &&
+ (mConfig.getName() != "")) {
mPrefix = mConfig.getName().trim();
} else {
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- SELF_TEST_NAME));
+ CMS.getLogMessage(
+ "SELFTESTS_PARAMETER_WAS_NULL",
+ SELF_TEST_NAME));
throw new EMissingSelfTestException();
}
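Review bot: The re-indented condition `(mConfig.getName() != "")` compares String references rather than contents, so an empty sub-store name that is not the interned literal still passes the check and `mPrefix` ends up empty. Compare by value instead, for example `(mConfig.getName().trim().length() > 0)`, which also rejects a whitespace-only name before the `trim()` on the following line. initSelfTest begins and ends outside this hunk, so any later use of `mPrefix` is not visible here.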
@@ -142,11 +136,11 @@ public abstract class ASelfTest
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public abstract void startupSelfTest()
- throws ESelfTestException;
+ throws ESelfTestException;
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
@@ -159,7 +153,7 @@ public abstract class ASelfTest
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
public String getSelfTestName() {
@@ -170,7 +164,7 @@ public abstract class ASelfTest
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
public IConfigStore getSelfTestConfigStore() {
@@ -181,7 +175,7 @@ public abstract class ASelfTest
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
@@ -190,11 +184,10 @@ public abstract class ASelfTest
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
public abstract void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ throws ESelfTestException;
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
index cf3338ef..c9c12bb4 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ca;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -44,8 +42,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -59,30 +55,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class CAPresence
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
///////////////////////////
// CAPresence parameters //
///////////////////////////
// parameter information
public static final String PROP_CA_SUB_ID = "CaSubId";
- private String mCaSubId = null;
-
-
+ private String mCaSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
////////////////////////
// CAPresence methods //
////////////////////////
@@ -91,51 +80,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
- if( mCaSubId != null ) {
+ mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+ if (mCaSubId != null) {
mCaSubId = mCaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_CA_SUB_ID));
- throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+ throw new EMissingSelfTestException(PROP_CA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_CA_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_CA_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
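Review bot: In initSelfTest the `throw new EMissingSelfTestException(PROP_CA_SUB_ID)` for a null value sits inside the `try` whose handler is `catch (EBaseException e)`. If EMissingSelfTestException derives from EBaseException (the hierarchy is not visible on this page), that throw is caught again, logged a second time as SELFTESTS_MISSING_NAME and replaced by a differently constructed exception. The handler also discards `e`, so any other failure reading the config store is reported as a missing name with no cause in the self-test log. Keep only `mCaSubId = mConfig.getString(PROP_CA_SUB_ID);` inside the `try`, move the null check after it, and include `e.toString()` in what the handler logs. The initSelfTest hunks for CAValidity, SystemCertsVerification and KRAPresence have the same shape.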
@@ -143,145 +131,132 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
ICertificateAuthority ca = null;
X509CertImpl caCert = null;
X509Key caPubKey = null;
- ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+ ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
- if( ca == null ) {
+ if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the CA certificate
caCert = ca.getCACert();
- if( caCert == null ) {
+ if (caCert == null) {
// log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the CA certificate public key
try {
- caPubKey = ( X509Key ) caCert.get( X509CertImpl.PUBLIC_KEY );
+ caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
- if( caPubKey == null ) {
+ if (caPubKey == null) {
// log that something is seriously wrong with the CA
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
- } catch( CertificateParsingException e ) {
+ } catch (CertificateParsingException e) {
// log that something is seriously wrong with the CA
- mSelfTestSubsystem.log( logger,
- e.toString() );
+ mSelfTestSubsystem.log(logger,
+ e.toString());
- throw new ESelfTestException( e.toString() );
+ throw new ESelfTestException(e.toString());
}
// log that the CA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
index cff35ce5..9325208f 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ca;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -44,14 +42,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
/**
- * This class implements a self test to check the validity of the CA.
+ * This class implements a self test to check the validity of the CA.
* <P>
*
* @author mharmsen
@@ -59,30 +55,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class CAValidity
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
///////////////////////////
// CAValidity parameters //
///////////////////////////
// parameter information
public static final String PROP_CA_SUB_ID = "CaSubId";
- private String mCaSubId = null;
-
-
+ private String mCaSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
////////////////////////
// CAValidity methods //
////////////////////////
@@ -91,51 +80,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
- if( mCaSubId != null ) {
+ mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+ if (mCaSubId != null) {
mCaSubId = mCaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_CA_SUB_ID));
- throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+ throw new EMissingSelfTestException(PROP_CA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_CA_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_CA_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
@@ -143,145 +131,132 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
ICertificateAuthority ca = null;
X509CertImpl caCert = null;
- ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+ ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
- if( ca == null ) {
+ if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the CA certificate
caCert = ca.getCACert();
- if( caCert == null ) {
+ if (caCert == null) {
// log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the CA validity period
try {
caCert.checkValidity();
- } catch( CertificateNotYetValidException e ) {
+ } catch (CertificateNotYetValidException e) {
// log that the CA is not yet valid
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_YET_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
- } catch( CertificateExpiredException e ) {
+ throw new ESelfTestException(logMessage);
+ } catch (CertificateExpiredException e) {
// log that the CA is expired
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_EXPIRED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the CA is valid
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
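Review bot: The comment `// Retrieve the CA validity period` in runSelfTest does not describe the call below it: `caCert.checkValidity()` retrieves nothing, it only throws when the current time is outside the certificate's validity window. Suggested wording: `// Check that the current time is within the CA certificate's validity period`. Both handlers (`CertificateNotYetValidException`, `CertificateExpiredException`) drop `e`, so the self-test log records that the CA is expired or not yet valid but not the dates involved. Logging `e.toString()` alongside the message, as the CAPresence handler for `CertificateParsingException` does, would help an operator distinguish a clock problem from a genuinely lapsed CA certificate.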
diff --git a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index b3388d9e..57afffdf 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.common;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -39,8 +37,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -50,33 +46,26 @@ import com.netscape.cms.selftests.ASelfTest;
* of the subsystem
* <P>
*
- * @version $Revision: $, $Date: $
+ * @version $Revision: $, $Date: $
*/
public class SystemCertsVerification
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
///////////////////////////
// SystemCertsVerification parameters //
///////////////////////////
// parameter information
public static final String PROP_SUB_ID = "SubId";
- private String mSubId = null;
-
-
+ private String mSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
////////////////////////
// SystemCertsVerification methods //
////////////////////////
@@ -85,51 +74,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mSubId = mConfig.getString( PROP_SUB_ID );
- if( mSubId != null ) {
+ mSubId = mConfig.getString(PROP_SUB_ID);
+ if (mSubId != null) {
mSubId = mSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_SUB_ID));
- throw new EMissingSelfTestException( PROP_SUB_ID );
+ throw new EMissingSelfTestException(PROP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
@@ -137,102 +125,89 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
boolean rc = false;
rc = CMS.verifySystemCerts();
if (rc == true) {
- logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
} else {
- logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
- throw new ESelfTestException( logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
+ throw new ESelfTestException(logMessage);
}
return;
}
}
-
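Review bot: runSelfTest never reads `mSubId`, although initSelfTest treats `SubId` as mandatory and fails when it is missing; the check is the argument-less `CMS.verifySystemCerts()`. Either document on `PROP_SUB_ID` that the value is required but not consulted by the test, or drop the requirement, unless it is used in a part of the class outside these hunks. On style, `boolean rc = false; rc = CMS.verifySystemCerts(); if (rc == true)` reads more simply as `if (CMS.verifySystemCerts())`. The failure branch logs only the generic SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE text, so which certificate failed has to come from whatever `verifySystemCerts()` logs itself.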
diff --git a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 52255e24..01f5609b 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.kra;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -56,30 +52,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class KRAPresence
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
///////////////////////////
// KRAPresence parameters //
///////////////////////////
// parameter information
public static final String PROP_KRA_SUB_ID = "SubId";
- private String mSubId = null;
-
-
+ private String mSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
////////////////////////
// KRAPresence methods //
////////////////////////
@@ -88,51 +77,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mSubId = mConfig.getString( PROP_KRA_SUB_ID );
- if( mSubId != null ) {
+ mSubId = mConfig.getString(PROP_KRA_SUB_ID);
+ if (mSubId != null) {
mSubId = mSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_KRA_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_KRA_SUB_ID));
- throw new EMissingSelfTestException( PROP_KRA_SUB_ID );
+ throw new EMissingSelfTestException(PROP_KRA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_KRA_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_KRA_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_KRA_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
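Review bot: In `initSelfTest`, the `throw new EMissingSelfTestException(PROP_KRA_SUB_ID)` in the `else` branch sits inside the same `try` that is followed by `catch (EBaseException e)`. If EMissingSelfTestException derives from EBaseException (its declaration is not shown here), the missing-value case is caught, logged a second time as `SELFTESTS_MISSING_NAME`, and rethrown with different arguments. The caught `e` is also discarded, so the original cause of a configuration read failure never reaches the self-test log. Moving the null check out of the `try`, or adding `catch (EMissingSelfTestException e) { throw e; }` ahead of the broader catch, would keep the two diagnostics distinct. The same pattern appears in the `initSelfTest` hunks of OCSPPresence, OCSPValidity and RAPresence, and the method body continues past the end of this hunk.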
@@ -140,137 +128,124 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
IKeyRecoveryAuthority kra = null;
org.mozilla.jss.crypto.X509Certificate kraCert = null;
PublicKey kraPubKey = null;
- kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( mSubId );
+ kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
- if( kra == null ) {
+ if (kra == null) {
// log that the KRA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the KRA certificate
kraCert = kra.getTransportCert();
- if( kraCert == null ) {
+ if (kraCert == null) {
// log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_KRA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the KRA certificate public key
- kraPubKey = ( PublicKey ) kraCert.getPublicKey();
+ kraPubKey = (PublicKey) kraCert.getPublicKey();
- if( kraPubKey == null ) {
+ if (kraPubKey == null) {
// log that something is seriously wrong with the KRA
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the KRA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
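Review bot: The comment `// log that the RA is not yet initialized` in `runSelfTest` sits above the branch that logs `SELFTESTS_KRA_IS_NOT_INITIALIZED`. It looks copied from the RA self test and should read `// log that the KRA transport certificate is not available yet`. The method's Javadoc could also say that this test only checks that the subsystem named by `SubId`, its transport certificate and that certificate's public key are non-null. It does not check the certificate's validity period or trust, and saying so tells an operator what a `SELFTESTS_KRA_IS_PRESENT` entry did and did not verify.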
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index 507148bd..c862362a 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ocsp;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -45,8 +43,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -60,30 +56,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class OCSPPresence
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
/////////////////////////////
// OCSPPresence parameters //
/////////////////////////////
// parameter information
public static final String PROP_OCSP_SUB_ID = "OcspSubId";
- private String mOcspSubId = null;
-
-
+ private String mOcspSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
//////////////////////////
// OCSPPresence methods //
//////////////////////////
@@ -92,51 +81,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
- if( mOcspSubId != null ) {
+ mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+ if (mOcspSubId != null) {
mOcspSubId = mOcspSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_OCSP_SUB_ID));
- throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+ throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_OCSP_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_OCSP_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
IOCSPAuthority ocsp = null;
ISigningUnit ocspSigningUnit = null;
X509CertImpl ocspCert = null;
X509Key ocspPubKey = null;
- ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+ ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
- if( ocsp == null ) {
+ if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the OCSP signing unit
ocspSigningUnit = ocsp.getSigningUnit();
- if( ocspSigningUnit == null ) {
+ if (ocspSigningUnit == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ getSelfTestName());
+
+ mSelfTestSubsystem.log(logger,
+ logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate
ocspCert = ocspSigningUnit.getCertImpl();
- if( ocspCert == null ) {
+ if (ocspCert == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ getSelfTestName());
+
+ mSelfTestSubsystem.log(logger,
+ logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate public key
try {
- ocspPubKey = ( X509Key )
- ocspCert.get( X509CertImpl.PUBLIC_KEY );
+ ocspPubKey = (X509Key)
+ ocspCert.get(X509CertImpl.PUBLIC_KEY);
- if( ocspPubKey == null ) {
+ if (ocspPubKey == null) {
// log that something is seriously wrong with the OCSP
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
- } catch( CertificateParsingException e ) {
+ } catch (CertificateParsingException e) {
// log that something is seriously wrong with the OCSP
- mSelfTestSubsystem.log( logger,
- e.toString() );
+ mSelfTestSubsystem.log(logger,
+ e.toString());
- throw new ESelfTestException( e.toString() );
+ throw new ESelfTestException(e.toString());
}
// log that the OCSP is present
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
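Review bot: The `catch (CertificateParsingException e)` branch of `runSelfTest` logs and rethrows `e.toString()` instead of a catalogued message, so this one failure path produces a log entry without the self-test name and carries raw parser text into the exception. The null-key branch just above already uses `SELFTESTS_OCSP_IS_CORRUPT`. The catch could do the same with `logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT", getSelfTestName());`, then log and throw `logMessage` as the other branches do. If the parse detail is needed for diagnosis, it can go to the debug log rather than being dropped.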
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index e6516b2a..47874682 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ocsp;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -45,14 +43,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
/**
- * This class implements a self test to check the validity of the OCSP.
+ * This class implements a self test to check the validity of the OCSP.
* <P>
*
* @author mharmsen
@@ -60,30 +56,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class OCSPValidity
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
/////////////////////////////
// OCSPValidity parameters //
/////////////////////////////
// parameter information
public static final String PROP_OCSP_SUB_ID = "OcspSubId";
- private String mOcspSubId = null;
-
-
+ private String mOcspSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
//////////////////////////
// OCSPValidity methods //
//////////////////////////
@@ -92,51 +81,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
- if( mOcspSubId != null ) {
+ mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+ if (mOcspSubId != null) {
mOcspSubId = mOcspSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_OCSP_SUB_ID));
- throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+ throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_OCSP_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_OCSP_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
IOCSPAuthority ocsp = null;
ISigningUnit ocspSigningUnit = null;
X509CertImpl ocspCert = null;
- ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+ ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
- if( ocsp == null ) {
+ if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the OCSP signing unit
ocspSigningUnit = ocsp.getSigningUnit();
- if( ocspSigningUnit == null ) {
+ if (ocspSigningUnit == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ getSelfTestName());
+
+ mSelfTestSubsystem.log(logger,
+ logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate
ocspCert = ocspSigningUnit.getCertImpl();
- if( ocspCert == null ) {
+ if (ocspCert == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP validity period
try {
ocspCert.checkValidity();
- } catch( CertificateNotYetValidException e ) {
+ } catch (CertificateNotYetValidException e) {
// log that the OCSP is not yet valid
logMessage = CMS.getLogMessage(
"SELFTESTS_OCSP_IS_NOT_YET_VALID",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
- } catch( CertificateExpiredException e ) {
+ throw new ESelfTestException(logMessage);
+ } catch (CertificateExpiredException e) {
// log that the OCSP is expired
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_EXPIRED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the OCSP is valid
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
index 1a8b4c3e..9790bf61 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ra;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -50,6 +46,7 @@ import com.netscape.cms.selftests.ASelfTest;
/**
* This class implements a self test to check for RA presence.
* <P>
+ *
* <PRE>
* NOTE: This self-test is for Registration Authorities prior to
* Netscape Certificate Management System 7.0. It does NOT
@@ -65,30 +62,23 @@ import com.netscape.cms.selftests.ASelfTest;
* @version $Revision$, $Date$
*/
public class RAPresence
-extends ASelfTest
-{
+ extends ASelfTest {
////////////////////////
// default parameters //
////////////////////////
-
-
///////////////////////////
// RAPresence parameters //
///////////////////////////
// parameter information
public static final String PROP_RA_SUB_ID = "RaSubId";
- private String mRaSubId = null;
-
-
+ private String mRaSubId = null;
/////////////////////
// default methods //
/////////////////////
-
-
////////////////////////
// RAPresence methods //
////////////////////////
@@ -97,51 +87,50 @@ extends ASelfTest
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mRaSubId = mConfig.getString( PROP_RA_SUB_ID );
- if( mRaSubId != null ) {
+ mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
+ if (mRaSubId != null) {
mRaSubId = mRaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID ) );
+ "SELFTESTS_MISSING_VALUES",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_RA_SUB_ID));
- throw new EMissingSelfTestException( PROP_RA_SUB_ID );
+ throw new EMissingSelfTestException(PROP_RA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID ) );
+ "SELFTESTS_MISSING_NAME",
+ getSelfTestName(),
+ mPrefix
+ + "."
+ + PROP_RA_SUB_ID));
- throw new EMissingSelfTestException( mPrefix,
+ throw new EMissingSelfTestException(mPrefix,
PROP_RA_SUB_ID,
- null );
+ null);
}
// retrieve optional parameter(s)
@@ -149,137 +138,124 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
IRegistrationAuthority ra = null;
org.mozilla.jss.crypto.X509Certificate raCert = null;
PublicKey raPubKey = null;
- ra = ( IRegistrationAuthority ) CMS.getSubsystem( mRaSubId );
+ ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
- if( ra == null ) {
+ if (ra == null) {
// log that the RA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the RA certificate
raCert = ra.getRACert();
- if( raCert == null ) {
+ if (raCert == null) {
// log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
+ logMessage = CMS.getLogMessage(
"SELFTESTS_RA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the RA certificate public key
- raPubKey = ( PublicKey ) raCert.getPublicKey();
+ raPubKey = (PublicKey) raCert.getPublicKey();
- if( raPubKey == null ) {
+ if (raPubKey == null) {
// log that something is seriously wrong with the RA
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the RA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger,
+ logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index ba0ae3cb..a1298727 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.tks;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -42,8 +40,6 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
import com.netscape.symkey.SessionKey;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -58,46 +54,43 @@ import com.netscape.symkey.SessionKey;
* @version $Revision$, $Date$
*/
public class TKSKnownSessionKey
-extends ASelfTest
-{
+ extends ASelfTest {
// parameter information
public static final String PROP_TKS_SUB_ID = "TksSubId";
- private String mTksSubId = null;
- private String mToken = null;
- private String mUseSoftToken = null;
- private String mKeyName = null;
- private byte[] mKeyInfo = null;
+ private String mTksSubId = null;
+ private String mToken = null;
+ private String mUseSoftToken = null;
+ private String mKeyName = null;
+ private byte[] mKeyInfo = null;
private byte[] mCardChallenge = null;
private byte[] mHostChallenge = null;
- private byte[] mCUID = null;
- private byte[] mMacKey = null;
- private byte[] mSessionKey = null;
-
+ private byte[] mCUID = null;
+ private byte[] mMacKey = null;
+ private byte[] mSessionKey = null;
/**
* Initializes this subsystem with the configuration store
* associated with this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest (ISelfTestSubsystem subsystem,
+ public void initSelfTest(ISelfTestSubsystem subsystem,
String instanceName,
IConfigStore parameters)
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException {
ISubsystem tks = null;
IConfigStore tksConfig = null;
String logMessage = null;
- super.initSelfTest( subsystem, instanceName, parameters );
+ super.initSelfTest(subsystem, instanceName, parameters);
mTksSubId = getConfigString(PROP_TKS_SUB_ID);
mToken = getConfigString("token");
@@ -128,34 +121,34 @@ extends ASelfTest
if (defKeySetMacKey == null) {
CMS.debug("TKSKnownSessionKey: invalid mac key");
CMS.debug("TKSKnownSessionKey self test FAILED");
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
- getSelfTestName(), mPrefix + "." + "macKey"));
- throw new EInvalidSelfTestException (mPrefix, "macKey", null);
+ getSelfTestName(), mPrefix + "." + "macKey"));
+ throw new EInvalidSelfTestException(mPrefix, "macKey", null);
}
-
+
try {
mSessionKey = getConfigByteArray("sessionKey", 16);
} catch (EMissingSelfTestException e) {
if (mSessionKey == null) {
- mSessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+ mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
mCardChallenge, mHostChallenge,
mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null);
if (mSessionKey == null || mSessionKey.length != 16) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + ".sessionKey"));
- throw new EMissingSelfTestException ("sessionKey");
+ getSelfTestName(), mPrefix + ".sessionKey"));
+ throw new EMissingSelfTestException("sessionKey");
}
String sessionKey = SpecialEncode(mSessionKey);
mConfig.putString("sessionKey", sessionKey);
try {
CMS.getConfigStore().commit(true);
} catch (EBaseException be) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + ".sessionKey"));
- throw new EMissingSelfTestException ("sessionKey");
+ getSelfTestName(), mPrefix + ".sessionKey"));
+ throw new EMissingSelfTestException("sessionKey");
}
}
}
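Review bot: In the `catch (EMissingSelfTestException e)` branch the expected `sessionKey` is taken from `SessionKey.ComputeSessionKey(...)` and persisted with `mConfig.putString("sessionKey", sessionKey)`, so when the value is absent from configuration the stored known answer is whatever the code under test produced on that run. If a later run compares against this stored value (no comparison is visible in this hunk), a first-run miscomputation would be accepted from then on. The reference value is better supplied out of band, or the bootstrap at least documented with `// expected key is self-generated on first run; it can only detect later drift`. The inner `catch (EBaseException be)` also reports a failed `commit(true)` as `SELFTESTS_MISSING_VALUES` and throws `new EMissingSelfTestException("sessionKey")` without `be`, which hides the real cause from whoever reads the self-test log. `initSelfTest` starts and ends outside this hunk.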
@@ -163,9 +156,7 @@ extends ASelfTest
return;
}
-
- private String SpecialEncode (byte data[])
- {
+ private String SpecialEncode(byte data[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < data.length; i++) {
@@ -179,9 +170,7 @@ extends ASelfTest
return sb.toString();
}
-
- private String getConfigString (String name) throws EMissingSelfTestException
- {
+ private String getConfigString(String name) throws EMissingSelfTestException {
String value = null;
try {
@@ -189,123 +178,109 @@ extends ASelfTest
if (value != null) {
value = value.trim();
} else {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (name);
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EMissingSelfTestException(name);
}
} catch (EBaseException e) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (mPrefix, name, null);
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EMissingSelfTestException(mPrefix, name, null);
}
return value;
}
-
- private byte[] getConfigByteArray (String name, int size) throws EMissingSelfTestException,
- EInvalidSelfTestException
- {
+ private byte[] getConfigByteArray(String name, int size) throws EMissingSelfTestException,
+ EInvalidSelfTestException {
String stringValue = getConfigString(name);
byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue);
if (byteValue == null) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (name);
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EMissingSelfTestException(name);
}
if (byteValue.length != size) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
- getSelfTestName(), mPrefix + "." + name));
- throw new EInvalidSelfTestException (mPrefix, name, stringValue);
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EInvalidSelfTestException(mPrefix, name, stringValue);
}
return byteValue;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
public void startupSelfTest()
- throws ESelfTestException
- {
+ throws ESelfTestException {
return;
}
-
/**
* Stops this subsystem. The subsystem may call shutdownSelfTest
* anytime after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
* Returns the name associated with this self test. This method may
* return null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
* Returns the root configuration storage (self test parameters)
* associated with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
* Retrieves description associated with an individual self test.
* This method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage (locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest (ILogEventListener logger)
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException {
String logMessage = null;
String keySet = "defKeySet";
- byte[] sessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+ byte[] sessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
mCardChallenge, mHostChallenge,
mKeyInfo, mCUID, mMacKey, mUseSoftToken, keySet, null);
@@ -314,12 +289,12 @@ extends ASelfTest
if (sessionKey == null) {
CMS.debug("TKSKnownSessionKey: generated no session key");
CMS.debug("TKSKnownSessionKey self test FAILED");
- logMessage = CMS.getLogMessage ("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log (logger, logMessage);
- throw new ESelfTestException( logMessage );
- } else {
- logMessage = CMS.getLogMessage ("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log (logger, logMessage);
+ logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new ESelfTestException(logMessage);
+ } else {
+ logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
index 4737e2f7..29088fc2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
-
/**
* Manage Access Control List configuration
- *
+ *
* @version $Revision$, $Date$
*/
public class ACLAdminServlet extends AdminServlet {
@@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet {
private IAuthzManager mAuthzMgr = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
- "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
/**
* Constructs servlet.
@@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet {
mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
}
- /**
- * initialize the servlet.
+ /**
+ * initialize the servlet.
* <ul>
* <li>http.param OP_TYPE = OP_SEARCH,
* <li>http.param OP_SCOPE - the scope of the request operation:
- * <ul><LI>"impl" ACL implementations
- * <LI>"acls" ACL rules
- * <LI>"evaluatorTypes" ACL evaluators.
- * </ul>
+ * <ul>
+ * <LI>"impl" ACL implementations
+ * <LI>"acls" ACL rules
+ * <LI>"evaluatorTypes" ACL evaluators.
* </ul>
- *
+ * </ul>
+ *
* @param config servlet configuration, read from the web.xml file
*/
public void init(ServletConfig config) throws ServletException {
@@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet {
return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param req the object holding the request information
* @param resp the object holding the response information
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = super.getParameter(req, Constants.OP_SCOPE);
String op = super.getParameter(req, Constants.OP_TYPE);
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet {
super.authenticate(req);
} catch (IOException e) {
log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet {
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
@@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
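Review bot: `mOp = "read"` followed by `mToken = super.authorize(req)` keeps per-request authorization state in what the `m` prefix suggests are servlet instance fields, and a servlet instance normally serves requests on several threads at once. If `authorize()` reads `mOp` (its body is not in this hunk), one request's `"modify"` and another's `"read"` can interleave, so the access check may be evaluated for the wrong operation. The same assignment pattern appears in the next four hunks of `service()`. Holding both values in locals is the safer shape; failing that, the first assignment should carry `// mOp/mToken are shared across request threads; authorize() must not depend on them under concurrency`. `service()` starts and ends outside this hunk.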
@@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet {
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
/**
* list acls resources by name
*/
- private void listResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void listResources(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet {
ACL acl = (ACL) res.nextElement();
String desc = acl.getDescription();
- if (desc == null)
+ if (desc == null)
params.add(acl.getName(), "");
else
params.add(acl.getName(), desc);
@@ -272,8 +271,8 @@ public class ACLAdminServlet extends AdminServlet {
/**
* get acls information for a resource
*/
- private void getResourceACL(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void getResourceACL(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -283,8 +282,8 @@ public class ACLAdminServlet extends AdminServlet {
if (resourceId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet {
StringBuffer rights = new StringBuffer();
- if (rightsEnum.hasMoreElements()) {
+ if (rightsEnum.hasMoreElements()) {
while (rightsEnum.hasMoreElements()) {
if (rights.length() != 0) {
rights.append(",");
@@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet {
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"),
+ null, resp);
return;
}
}
@@ -341,19 +340,19 @@ public class ACLAdminServlet extends AdminServlet {
/**
* modify acls information for a resource
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private void updateResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void updateResources(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
String auditMessage = null;
@@ -378,15 +377,15 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// get resource acls
String resourceACLs = super.getParameter(req, Constants.PR_ACI);
String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
- String desc = super.getParameter(req, Constants.PR_ACL_DESC);
+ String desc = super.getParameter(req, Constants.PR_ACL_DESC);
try {
mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
@@ -417,8 +416,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"),
+ null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -459,18 +458,18 @@ public class ACLAdminServlet extends AdminServlet {
// throw eAudit3;
}
}
-
+
/**
* list access evaluators by types and class paths
*/
- private void listACLsEvaluators(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void listACLsEvaluators(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
while (res.hasMoreElements()) {
- IAccessEvaluator evaluator = res.nextElement();
+ IAccessEvaluator evaluator = res.nextElement();
// params.add(evaluator.getType(), evaluator.getDescription());
params.add(evaluator.getType(), evaluator.getClass().getName());
@@ -480,18 +479,18 @@ public class ACLAdminServlet extends AdminServlet {
}
private void listACLsEvaluatorTypes(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
while (res.hasMoreElements()) {
- IAccessEvaluator evaluator = res.nextElement();
+ IAccessEvaluator evaluator = res.nextElement();
String[] operators = evaluator.getSupportedOperators();
StringBuffer str = new StringBuffer();
for (int i = 0; i < operators.length; i++) {
- if (str.length() > 0)
+ if (str.length() > 0)
str.append(",");
str.append(operators[i]);
}
@@ -505,22 +504,22 @@ public class ACLAdminServlet extends AdminServlet {
/**
* add access evaluators
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -543,8 +542,8 @@ public class ACLAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -560,9 +559,9 @@ public class ACLAdminServlet extends AdminServlet {
String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
+ mConfig.getSubStore(PROP_EVAL);
IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
// Does the class exist?
Class<?> newImpl = null;
@@ -584,17 +583,16 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"),
+ null, resp);
return;
}
// is the class an IAccessEvaluator?
try {
- if
- (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
+ if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ classPath;
log(ILogger.LL_FAILURE, errMsg);
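Review bot: The `errMsg` built as `"class not com.netscape.certsrv.evaluators.IAccessEvaluator" + classPath` has no separator, so the log line runs the interface name straight into the rejected class name. `classPath` also comes from the request parameter `Constants.PR_ACL_CLASS` read in the preceding hunk, and writing a request-supplied string to the log verbatim lets embedded line breaks forge entries unless `log()` escapes them, which is not visible here. I would write `String errMsg = "class is not a com.netscape.certsrv.evaluators.IAccessEvaluator: " + classPath;` with CR/LF stripped from `classPath` first. The same string is built again in the `catch (Exception e)` branch of the following hunk. `addACLsEvaluator` starts and ends outside this hunk.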
@@ -608,13 +606,13 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+ null, resp);
return;
}
} catch (Exception e) {
String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ classPath;
log(ILogger.LL_FAILURE, errMsg);
@@ -628,8 +626,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+ null, resp);
return;
}
@@ -653,8 +651,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+ null, resp);
return;
}
@@ -676,8 +674,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"),
+ null, resp);
return;
}
@@ -743,21 +741,21 @@ public class ACLAdminServlet extends AdminServlet {
/**
* remove access evaluators
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void deleteACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void deleteACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -782,8 +780,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -803,8 +801,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"),
+ null, resp);
return;
}
@@ -814,9 +812,9 @@ public class ACLAdminServlet extends AdminServlet {
try {
IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
+ mConfig.getSubStore(PROP_EVAL);
IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
mStore.removeSubStore(id);
} catch (Exception eeee) {
@@ -838,8 +836,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+ null, resp);
return;
}
@@ -892,11 +890,11 @@ public class ACLAdminServlet extends AdminServlet {
// throw eAudit3;
}
}
-
+
/**
* Searchs for certificate requests.
*/
-
+
/*
private void getACLs(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException,
@@ -922,7 +920,6 @@ public class ACLAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "ACLAdminServlet: " + msg);
+ level, "ACLAdminServlet: " + msg);
}
-}
-
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
index 2024e496..a36c859d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for the remote admin.
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 0f2a6ec7..5b3a8c5a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
@@ -56,32 +55,31 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cms.servlet.base.UserInfo;
-
/**
* A class represents an administration servlet that
* is responsible to serve administrative
* operation such as configuration parameter updates.
- *
+ *
* Since each administration servlet needs to perform
* authentication information parsing and response
* formulation, it makes sense to encapsulate the
* commonalities into this class.
- *
+ *
* By extending this serlvet, the subclass does not
* need to re-implement the request parsing code
* (i.e. authentication information parsing).
- *
+ *
* If a subsystem needs to expose configuration
* parameters management, it should create an
* administration servlet (i.e. CAAdminServlet)
* and register it to RemoteAdmin subsystem.
- *
+ *
* <code>
* public class CAAdminServlet extends AdminServlet {
* ...
* }
* </code>
- *
+ *
* @version $Revision$, $Date$
*/
public class AdminServlet extends HttpServlet {
@@ -117,8 +115,8 @@ public class AdminServlet extends HttpServlet {
public final static String AUTHZ_SRC_TYPE = "sourceType";
public final static String AUTHZ_SRC_LDAP = "ldap";
public final static String AUTHZ_SRC_XML = "web.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
public final static String SIGNED_AUDIT_SCOPE = "Scope";
public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -130,19 +128,19 @@ public class AdminServlet extends HttpServlet {
public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
private final static String CERTUSERDB =
- IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+ IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
private final static String PASSWDUSERDB =
- IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+ IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
/**
* Constructs generic administration servlet.
@@ -204,45 +202,44 @@ public class AdminServlet extends HttpServlet {
}
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
+
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
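Review bot: The sensitive-parameter filter in `outputHttpParameters` is case-sensitive in its suffix tests: `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` do not match a camel-case name ending in `Password` or `Pwd`, so any such parameter missing from the `equalsIgnoreCase` list has its value written to the debug log. Lower-casing the name once, `String lpn = pn.toLowerCase(java.util.Locale.ROOT);`, and testing `lpn.endsWith(...)` closes that gap; the explicit `directoryManagerPwd` and `uPasswd` entries suggest it has been hit before. The name list in the `@@ -1176,22 +1167,22 @@` hunk has the same weakness: its comment says case-insensitive, but the code uses exact `name.equals(...)` against a fixed set of constants. This hunk ends inside `service`.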
@@ -250,7 +247,7 @@ public class AdminServlet extends HttpServlet {
"CMS server is not ready to serve.");
if (CMS.debugOn()) {
- outputHttpParameters(req);
+ outputHttpParameters(req);
}
}
@@ -277,15 +274,12 @@ public class AdminServlet extends HttpServlet {
* Authenticates to the identity scope with the given
* userid and password via identity manager.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CMS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
* </ul>
+ *
* @exception IOException an input/output error has occurred
*/
protected void authenticate(HttpServletRequest req) throws
@@ -307,12 +301,12 @@ public class AdminServlet extends HttpServlet {
// do nothing for now.
}
IAuthSubsystem auth = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
X509Certificate cert = null;
if (authType.equals("sslclientauth")) {
X509Certificate[] allCerts =
- (X509Certificate[]) req.getAttribute(CERT_ATTR);
+ (X509Certificate[]) req.getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
// store a message in the signed audit log file
@@ -362,10 +356,9 @@ public class AdminServlet extends HttpServlet {
mServletID));
try {
if (authType.equals("sslclientauth")) {
- IAuthManager
- authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+ IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
IAuthCredentials authCreds =
- getAuthCreds(authMgr, cert);
+ getAuthCreds(authMgr, cert);
token = (AuthToken) authMgr.authenticate(authCreds);
} else {
@@ -441,9 +434,9 @@ public class AdminServlet extends HttpServlet {
if (tuserid == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
- tuserid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
+ tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -477,9 +470,9 @@ public class AdminServlet extends HttpServlet {
if (user == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
- tuserid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
+ tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -515,7 +508,7 @@ public class AdminServlet extends HttpServlet {
sessionContext.put(SessionContext.USER, user);
} catch (EUsrGrpException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -595,8 +588,8 @@ public class AdminServlet extends HttpServlet {
}
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -606,8 +599,8 @@ public class AdminServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
}
}
return creds;
@@ -616,15 +609,13 @@ public class AdminServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
- * has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CMS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one accesses a role port)
* </ul>
+ *
* @param req HTTP servlet request
* @return the authorization token
*/
@@ -779,15 +770,15 @@ public class AdminServlet extends HttpServlet {
/**
* Sends response.
- *
+ *
* @param returnCode return code
* @param errorMsg localized error message
* @param params result parameters
* @param resp HTTP servlet response
*/
protected void sendResponse(int returnCode, String errorMsg,
- NameValuePairs params, HttpServletResponse resp)
- throws IOException {
+ NameValuePairs params, HttpServletResponse resp)
+ throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bos);
@@ -806,8 +797,8 @@ public class AdminServlet extends HttpServlet {
String value = java.net.URLEncoder.encode((String)
params.getValue(name));
- buf.append(java.net.URLEncoder.encode(name) +
- "=" + value);
+ buf.append(java.net.URLEncoder.encode(name) +
+ "=" + value);
if (e.hasMoreElements())
buf.append("&");
}
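Review bot: `java.net.URLEncoder.encode(String)`, used here for both `name` and the value, is the deprecated single-argument form that encodes with the platform default charset, so the response body can differ between hosts for non-ASCII data. Pass the charset explicitly, `java.net.URLEncoder.encode(name, "UTF-8")`, and do the same for the value; `sendResponse` already declares `IOException`, which covers the checked exception this adds. The result of `(String) params.getValue(name)` also goes straight into `encode`, so a null value would throw here; whether one can occur is not visible in this hunk. `sendResponse` starts in the previous hunk and continues past this one.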
@@ -858,8 +849,8 @@ public class AdminServlet extends HttpServlet {
* Generic configuration store get operation.
*/
protected synchronized void getConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -876,8 +867,8 @@ public class AdminServlet extends HttpServlet {
if (name.equals(Constants.OP_SCOPE))
continue;
- //System.out.println(name);
- //System.out.println(name+","+config.getString(name));
+ //System.out.println(name);
+ //System.out.println(name+","+config.getString(name));
params.add(name, config.getString(name));
}
sendResponse(SUCCESS, null, params, resp);
@@ -889,8 +880,8 @@ public class AdminServlet extends HttpServlet {
* calling this, and commit changes after this call.
*/
protected synchronized void setConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -906,8 +897,8 @@ public class AdminServlet extends HttpServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
- // XXX Need validation...
- // XXX what if update failed
+ // XXX Need validation...
+ // XXX what if update failed
config.putString(name, req.getParameter(name));
}
commit(true);
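Review bot: `config.putString(name, req.getParameter(name))` writes every request parameter, apart from the names skipped just above, into the configuration store under a key chosen by the requester, and the `// XXX Need validation...` comment confirms that nothing constrains the key or the value. A generic setter on the admin servlet should accept only the keys the calling scope is meant to manage, for example by checking `name` against a per-scope allow-list before the `putString` call, and should fail the request rather than silently skip anything else. `commit(true)` then persists the change, and no signed-audit record is visible in this hunk; how callers authorize the request is outside it. `setConfig` begins in the previous hunk.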
@@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet {
* Lists configuration store.
*/
protected synchronized void listConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration e = config.getPropertyNames();
NameValuePairs params = new NameValuePairs();
@@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet {
public boolean authorize(IAuthToken token) throws EBaseException {
String mGroupNames[] = { "Administrators" };
boolean mAnd = true;
-
+
try {
String userid = token.getInString("userid");
if (userid == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
return false;
}
@@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet {
if (user == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
return false;
}
@@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet {
for (int i = 0; i < mGroupNames.length; i++) {
if (!mUG.isMemberOf(user, mGroupNames[i])) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
- mGroupNames[i]));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
+ mGroupNames[i]));
return false;
}
}
@@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet {
for (int i = 0; i < mGroupNames.length; i++) {
if (mUG.isMemberOf(user, mGroupNames[i])) {
mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
- mGroupNames[i]));
+ ILogger.S_OTHER, ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
+ mGroupNames[i]));
return true;
}
}
@@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet {
groups.append(mGroupNames[j]);
}
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
return false;
}
} catch (EUsrGrpException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
return false;
}
}
/**
* FileConfigStore functionality
- *
+ *
* The original config file is moved to <filename>.<date>.
* Commits the current properties to the configuration file.
* <P>
- *
+ *
* @param createBackup true if a backup file should be created
*/
protected void commit(boolean createBackup) throws EBaseException {
@@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
- level, "AdminServlet: " + msg);
+ level, "AdminServlet: " + msg);
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended admin servlets
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1047,20 +1038,20 @@ public class AdminServlet extends HttpServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1092,13 +1083,13 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Parameters
- *
+ *
* This method is inherited by all extended admin servlets and
* is called to extract parameters from the HttpServletRequest
* and return a string of name;;value pairs separated by a '+'
* if more than one name;;value pair exists.
* <P>
- *
+ *
* @param req HTTP servlet request
* @return a delimited string of one or more delimited name/value pairs
*/
@@ -1176,22 +1167,22 @@ public class AdminServlet extends HttpServlet {
// case-insensitive "password", "pwd", and "passwd"
// name fields, and hide any password values:
//
- /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) ||
- name.equals( Constants.TYPE_PASSWORD ) ||
- name.equals( Constants.PR_USER_PASSWORD ) ||
- name.equals( Constants.PT_OLD_PASSWORD ) ||
- name.equals( Constants.PT_NEW_PASSWORD ) ||
- name.equals( Constants.PT_DIST_STORE ) ||
- name.equals( Constants.PT_DIST_EMAIL ) ||
- /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) ||
- // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) ||
- name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) ||
- name.equals( Constants.PR_OLD_AGENT_PWD ) ||
- name.equals( Constants.PR_AGENT_PWD ) ||
- name.equals( Constants.PT_PUBLISH_PWD ) ||
- /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) ||
- name.equals( Constants.PR_BIND_PASSWD_AGAIN ) ||
- name.equals( Constants.PR_TOKEN_PASSWD ) ) {
+ /* "password" */if (name.equals(Constants.PASSWORDTYPE) ||
+ name.equals(Constants.TYPE_PASSWORD) ||
+ name.equals(Constants.PR_USER_PASSWORD) ||
+ name.equals(Constants.PT_OLD_PASSWORD) ||
+ name.equals(Constants.PT_NEW_PASSWORD) ||
+ name.equals(Constants.PT_DIST_STORE) ||
+ name.equals(Constants.PT_DIST_EMAIL) ||
+ /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) ||
+ // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) ||
+ name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) ||
+ name.equals(Constants.PR_OLD_AGENT_PWD) ||
+ name.equals(Constants.PR_AGENT_PWD) ||
+ name.equals(Constants.PT_PUBLISH_PWD) ||
+ /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) ||
+ name.equals(Constants.PR_BIND_PASSWD_AGAIN) ||
+ name.equals(Constants.PR_TOKEN_PASSWD)) {
// hide password value
parameters += name
@@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
+ *
* This method is called to extract all "groups" associated
* with the "auditSubjectID()".
* <P>
- *
+ *
* @param SubjectID string containing the signed audit log message SubjectID
* @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet {
}
if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet {
}
}
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet {
}
protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
- if (s == null) return null;
+ if (s == null)
+ return null;
NameValuePairs nvps = new NameValuePairs();
int i;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
index 4a7329c9..ceffb7c2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representing an administration servlet for the
- * Authentication Management subsystem. This servlet is responsible
+ * Authentication Management subsystem. This servlet is responsible
* to serve configuration requests for the Auths Management subsystem.
*
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthAdminServlet extends AdminServlet {
@@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet {
private final static String INFO = "AuthAdminServlet";
private IAuthSubsystem mAuths = null;
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
private final static String VIEW = ";" + Constants.VIEW;
private final static String EDIT = ";" + Constants.EDIT;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
- "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
public AuthAdminServlet() {
super();
@@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* retrieve extended plugin info such as brief description, type info
* from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * need to add: listener, mapper and publishing plugins
* --- same as policy, should we move this into extendedpluginhelper?
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet {
String implName = id.substring(colon + 1);
NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -142,7 +140,7 @@ public class AuthAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -150,22 +148,22 @@ public class AuthAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
// if it is not authentication, that means it is for CSC admin ping.
// the best way to do is to define another protocol for ping and move
// it to the generic servlet which is admin servlet.
- if (!op.equals(OpDef.OP_AUTH)) {
+ if (!op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTH)) {
String id = req.getParameter(Constants.RS_ID);
// for CSC admin ping only
if (op.equals(OpDef.OP_READ) &&
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
// no need to authenticate this. if we're alive, return true.
NameValuePairs params = new NameValuePairs();
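Review bot: `scope.equals(ScopeDef.SC_AUTH)` and `id.equals(Constants.RS_ID_CONFIG)` dereference request parameters that, unlike `op`, are not null-checked in the visible lines, and this is the branch that answers before any authentication ("no need to authenticate this"). A request that omits the scope or id parameter would throw a NullPointerException on an unauthenticated path instead of returning the `CMS_ADMIN_SRVLT_INVALID_PROTOCOL` style error. Put the constant first, `if (ScopeDef.SC_AUTH.equals(scope))` and `Constants.RS_ID_CONFIG.equals(id)`, so a missing parameter falls through to the error response. `service` starts before this hunk and continues after it.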
@@ -176,8 +174,8 @@ public class AuthAdminServlet extends AdminServlet {
} else {
//System.out.println("SRVLT_INVALID_OP_TYPE");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
}
@@ -186,7 +184,7 @@ public class AuthAdminServlet extends AdminServlet {
try {
if (op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
- IConfigStore configStore = CMS.getConfigStore();
+ IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("authType", "pwd");
NameValuePairs params = new NameValuePairs();
@@ -196,8 +194,8 @@ public class AuthAdminServlet extends AdminServlet {
}
}
} catch (Exception e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
// for the rest
@@ -209,8 +207,8 @@ public class AuthAdminServlet extends AdminServlet {
}
} catch (IOException e) {
//System.out.println("SRVLT_FAIL_AUTHS");
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -223,8 +221,8 @@ public class AuthAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getExtendedPluginInfo(req, resp);
@@ -238,8 +236,8 @@ public class AuthAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -249,17 +247,17 @@ public class AuthAdminServlet extends AdminServlet {
listAuthMgrInsts(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -269,17 +267,17 @@ public class AuthAdminServlet extends AdminServlet {
getInstConfig(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -289,17 +287,17 @@ public class AuthAdminServlet extends AdminServlet {
addAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -309,17 +307,17 @@ public class AuthAdminServlet extends AdminServlet {
delAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
@@ -328,18 +326,18 @@ public class AuthAdminServlet extends AdminServlet {
}
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
- }
+ }
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
@@ -356,23 +354,23 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Add authentication manager plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
-
- private synchronized void addAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+
+ private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -394,8 +392,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
@@ -410,8 +408,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -428,13 +426,13 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
+ null, resp);
return;
}
if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
- classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+ classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
@@ -445,17 +443,17 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
return;
}
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
// Does the class exist?
-
+
Class<IAuthManager> newImpl = null;
try {
@@ -473,8 +471,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
@@ -487,8 +485,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
return;
}
@@ -505,8 +503,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -520,8 +518,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
return;
}
@@ -544,8 +542,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -553,8 +551,8 @@ public class AuthAdminServlet extends AdminServlet {
AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
mAuths.getPlugins().put(id, plugin);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -611,22 +609,22 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Add authentication manager instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -647,8 +645,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -664,8 +662,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
+ null, resp);
return;
}
@@ -685,21 +683,21 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
return;
}
// prevent agent & admin creation.
if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// check if implementation exists.
AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
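Review bot: The branch under `// prevent agent & admin creation.` sends `CMS_BASE_PERMISSION_DENIED` but has no `return;`, so control falls through to the plugin lookup that follows. Unless something outside this hunk stops it, a request naming a protected implementation is still processed after the client has been told it was denied. Add `return;` after that `sendResponse(...)` call, and write a failure entry to the signed audit log first, as the neighbouring error branches do with `audit(auditMessage);`. The same fall-through is visible in the hunks at `@@ -991,16 +988,16 @@`, `@@ -1162,16 +1158,16 @@` and `@@ -1411,16 +1407,16 @@`, which appear to belong to delAuthMgrPlugin, delAuthMgrInst and modAuthMgrInst. addAuthMgrInst starts and ends outside this hunk.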
@@ -712,8 +710,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -723,9 +721,9 @@ public class AuthAdminServlet extends AdminServlet {
String[] configParams = mAuths.getConfigParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -765,8 +763,8 @@ public class AuthAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
@@ -780,8 +778,8 @@ public class AuthAdminServlet extends AdminServlet {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
@@ -795,8 +793,8 @@ public class AuthAdminServlet extends AdminServlet {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -835,16 +833,16 @@ public class AuthAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mAuths.add(id, authMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -900,8 +898,8 @@ public class AuthAdminServlet extends AdminServlet {
}
}
- private synchronized void listAuthMgrPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -909,8 +907,8 @@ public class AuthAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- AuthMgrPlugin value = (AuthMgrPlugin)
- mAuths.getPlugins().get(name);
+ AuthMgrPlugin value = (AuthMgrPlugin)
+ mAuths.getPlugins().get(name);
if (value.isVisible()) {
params.add(name, value.getClassPath() + EDIT);
@@ -920,14 +918,13 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void listAuthMgrInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listAuthMgrInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration<?> e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
IAuthManager value = proxy.getAuthManager();
@@ -938,7 +935,7 @@ public class AuthAdminServlet extends AdminServlet {
}
AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
- mAuths.getPlugins().get(value.getImplName());
+ mAuths.getPlugins().get(value.getImplName());
if (!amgrplugin.isVisible()) {
params.add(name, value.getImplName() + ";invisible;" + enableStr);
@@ -953,21 +950,21 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Delete authentication manager plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -991,16 +988,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent deletion of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager exist?
@@ -1015,15 +1012,14 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this auth manager
// DON'T remove auth manager if any instance
- for (Enumeration<?> e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
if (authMgr.getImplName() == id) {
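Review bot: `authMgr.getImplName() == id` compares object references rather than string contents, so the "DON'T remove auth manager if any instance" guard only fires when both happen to be the same `String` object. If `id` comes from the request (its assignment is outside this hunk), the check will practically never match and a plugin that still has live instances can be removed. Use `if (id.equals(authMgr.getImplName())) {`. Separately, the not-found branch above reports `CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID`, which reads like the wrong message key for a missing plugin and is worth confirming.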
@@ -1037,19 +1033,19 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this auth manager
mAuths.getPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1066,8 +1062,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1124,21 +1120,21 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Delete authentication manager instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1162,16 +1158,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent deletion of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager instance exist?
@@ -1186,8 +1182,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1200,9 +1196,9 @@ public class AuthAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1220,8 +1216,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1283,24 +1279,24 @@ public class AuthAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular auth manager plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this authentication subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular auth manager plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this authentication subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1318,8 +1314,8 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -1327,16 +1323,16 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does auth manager instance exist?
if (mAuths.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1366,28 +1362,28 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Modify authentication manager instance
- * This will actually create a new instance with new configuration
+ * This will actually create a new instance with new configuration
* parameters and replace the old instance if the new instance is
* created and initialized successfully.
* The old instance is left running, so this is very expensive.
* Restart of server recommended.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -1411,16 +1407,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent modification of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// Does the manager instance exist?
@@ -1435,8 +1431,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+ null, resp);
return;
}
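Review bot: `CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND")` is called without the request locale, while every other error response in this file passes `getLocale(req)`. For consistency write `CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),`. The next hunk has the same omission for `CMS_AUTHENTICATION_MISSING_PARAMS`. The enclosing method starts and ends outside this hunk.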
@@ -1454,14 +1450,14 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
return;
}
// get plugin for implementation
AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -1474,15 +1470,15 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- IAuthManager oldinst =
- (IAuthManager) mAuths.get(id);
+ IAuthManager oldinst =
+ (IAuthManager) mAuths.get(id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -1490,7 +1486,7 @@ public class AuthAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IAuthSubsystem.PROP_PLUGIN,
- (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+ (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -1507,9 +1503,9 @@ public class AuthAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -1551,8 +1547,8 @@ public class AuthAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
@@ -1566,8 +1562,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
@@ -1581,8 +1577,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -1623,8 +1619,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1632,8 +1628,8 @@ public class AuthAdminServlet extends AdminServlet {
mAuths.add(id, newMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
NameValuePairs params = new NameValuePairs();
@@ -1688,8 +1684,8 @@ public class AuthAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1699,7 +1695,7 @@ public class AuthAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
index bfa9cccd..d0bbfa82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
private Hashtable authCreds = null;
// Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
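Review bot: The guard in `set` rejects only a null `cred`. If the statement that follows outside this hunk stores into the `Hashtable` with `name` as the key, a null `name` would surface as an unchecked `NullPointerException` instead of the documented `EBaseException`. Consider `if (name == null || cred == null) {`. The exception text `"AuthCredentials.set()"` does not say which argument was rejected, so a message naming it would make failures in this credential container easier to trace. The body of `set` continues past the hunk.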
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
/**
* removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 0ae51ce4..4a059106 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.net.UnknownHostException;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA
- * administrative operations such as configuration parameter
+ * Authority. This servlet is responsible to serve CA
+ * administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class CAAdminServlet extends AdminServlet {
@@ -66,7 +64,7 @@ public class CAAdminServlet extends AdminServlet {
private final static String INFO = "CAAdminServlet";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
private ICertificateAuthority mCA = null;
protected static final String PROP_ENABLED = "enabled";
@@ -98,9 +96,9 @@ public class CAAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
+
//get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -109,7 +107,7 @@ public class CAAdminServlet extends AdminServlet {
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
@@ -120,8 +118,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getExtendedPluginInfo(req, resp);
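Review bot: `mOp = "read"` and `mToken = super.authorize(req)` assign what look like servlet instance fields (their declarations are outside this hunk), and `service` is not synchronized. If `authorize` reads `mOp`, two concurrent admin requests can overwrite each other's operation between the assignment and the check, so a request may be authorized against the wrong operation. Keep the operation and the token in local variables and pass the operation to the authorization check explicitly. The same pattern repeats in the later hunks of `service` that set `mOp` to `"read"` or `"modify"`. `service` starts and ends outside this hunk.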
@@ -135,8 +133,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -159,8 +157,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -171,9 +169,9 @@ public class CAAdminServlet extends AdminServlet {
setCRLIPsConfig(req, resp);
else if (scope.equals(ScopeDef.SC_CRL))
setCRLConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
setNotificationReqCompConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
setNotificationRevCompConfig(req, resp);
else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
setNotificationRIQConfig(req, resp);
@@ -183,8 +181,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
@@ -195,8 +193,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -205,8 +203,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -223,20 +221,20 @@ public class CAAdminServlet extends AdminServlet {
/*==========================================================
* private methods
*==========================================================*/
-
+
/*
* handle request completion (cert issued) notification config requests
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
-
+
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
-
+
if (name.equals(Constants.OP_TYPE))
continue;
if (name.equals(Constants.RS_ID))
@@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet {
continue;
params.add(name, rc.getString(name, ""));
}
-
+
params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
+ rc.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
+
getNotificationCompConfig(req, resp, rc);
}
-
+
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
+
getNotificationCompConfig(req, resp, rc);
}
@@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
@@ -317,11 +315,11 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
+ || (template.isDirectory())) {
String error =
- "Template: " + val + " does not exist or invalid";
+ "Template: " + val + " does not exist or invalid";
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
return;
}
}
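Review bot: The local `error` built from `val` is never used in the lines shown, and the log call records only the fixed `ADMIN_SRVLT_INVALID_PATH` message, so the rejected path never reaches the log. Either drop the variable or include the path in the log entry. Separately, the check accepts any existing readable non-directory file. If `val` comes from a request parameter (its assignment is outside the hunk), confirm the path is confined to the template directory, for example by comparing canonical paths, before it is stored in the configuration. The identical block appears in the hunk at old line 401, which looks to be in `setNotificationCompConfig`.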
@@ -377,9 +375,9 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
-
+
//set rest of the parameters
Enumeration e = req.getParameterNames();
@@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
+ || (template.isDirectory())) {
String error =
- "Template: " + val + " does not exist or invalid";
+ "Template: " + val + " does not exist or invalid";
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
return;
}
}
@@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet {
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
+ IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
- }
+ }
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
@@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void listCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration ips = mCA.getCRLIssuingPoints();
@@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet {
if (ipId != null && ipId.length() > 0)
params.add(ipId, ip.getDescription());
params.add(ipId + "." + Constants.PR_ENABLED,
- (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+ (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
}
}
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
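Review bot: Only the first `params.add` is governed by `if (ipId != null && ipId.length() > 0)`. Because the `if` has no braces, the `params.add(ipId + "." + Constants.PR_ENABLED, ...)` call runs for every issuing point, so a null or empty id produces a key starting with `null.` or `.` in the response. If both entries are meant to be conditional, add the braces: `if (ipId != null && ipId.length() > 0) { params.add(ipId, ip.getDescription()); params.add(ipId + "." + Constants.PR_ENABLED, ...); }`. The loop that supplies `ip` and `ipId` starts outside the hunk.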
@@ -518,11 +516,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Add CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -530,8 +528,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void addCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -578,7 +576,7 @@ public class CAAdminServlet extends AdminServlet {
boolean enable = true;
if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
@@ -586,7 +584,7 @@ public class CAAdminServlet extends AdminServlet {
}
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
Enumeration crlNames = crlSubStore.getSubStoreNames();
while (crlNames.hasMoreElements()) {
@@ -673,11 +671,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Set CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -685,8 +683,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -733,7 +731,7 @@ public class CAAdminServlet extends AdminServlet {
boolean enable = true;
if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
@@ -741,7 +739,7 @@ public class CAAdminServlet extends AdminServlet {
}
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -759,8 +757,8 @@ public class CAAdminServlet extends AdminServlet {
if (c != null) {
c.putString(Constants.PR_DESCRIPTION, desc);
- c.putString(Constants.PR_ENABLED,
- (enable) ? Constants.TRUE : Constants.FALSE);
+ c.putString(Constants.PR_ENABLED,
+ (enable) ? Constants.TRUE : Constants.FALSE);
}
done = true;
break;
@@ -833,11 +831,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Delete CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -845,8 +843,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void deleteCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -859,7 +857,7 @@ public class CAAdminServlet extends AdminServlet {
if (id != null && id.length() > 0) {
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -938,8 +936,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void getCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String ipId = null;
@@ -974,11 +972,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Delete CRL extensions configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
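Review bot: The Javadoc summary reads "Delete CRL extensions configuration", but going by the hunk line numbers the method it introduces is `setCRLExtsConfig` in the next hunk. The text looks copied from the `deleteCRLIPsConfig` comment. Since the commit already rewraps this comment, the summary could be corrected at the same time to `Set CRL extensions configuration`.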
@@ -986,8 +984,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1007,10 +1005,10 @@ public class CAAdminServlet extends AdminServlet {
IConfigStore config = mCA.getConfigStore();
IConfigStore crlsSubStore =
- config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
IConfigStore crlExtsSubStore =
- crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
String id = req.getParameter(Constants.RS_ID);
@@ -1092,8 +1090,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void listCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.PR_ID);
@@ -1130,12 +1128,12 @@ public class CAAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- /**
+ /**
* retrieve extended plugin info such as brief description,
* type info from CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
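Review bot: `id` comes straight from the `RS_ID` request parameter and is dereferenced by `id.indexOf(':')` with no null check. The following hunk then calls `id.substring(0, colon)`, which throws when the value contains no colon. A malformed admin request therefore ends in an unchecked exception rather than an error response, unless a guard sits on the single line between the two hunks. A check ahead of `int colon` would cover both cases: `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, /* invalid-id message */, null, resp); return; }`.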
@@ -1143,8 +1141,8 @@ public class CAAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -1191,11 +1189,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Set CRL configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -1203,7 +1201,7 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1215,7 +1213,7 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
@@ -1301,7 +1299,7 @@ public class CAAdminServlet extends AdminServlet {
}
private void getCRLConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1309,11 +1307,11 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
IConfigStore crlsSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
Enumeration e = req.getParameterNames();
@@ -1335,9 +1333,9 @@ public class CAAdminServlet extends AdminServlet {
getSigningAlgConfig(params);
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
@@ -1370,14 +1368,14 @@ public class CAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
-// String nickname = CMS.getServerCertNickname();
+ // String nickname = CMS.getServerCertNickname();
if (isKRAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1397,12 +1395,12 @@ public class CAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ if (name.equals("nickName")) {
+ caConnectorConfig.putString(name, nickname);
+ continue;
+ }
+ */
if (name.equals("host")) {
try {
Utils.checkHost(req.getParameter("host"));
@@ -1456,7 +1454,7 @@ public class CAAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1476,7 +1474,6 @@ public class CAAdminServlet extends AdminServlet {
params.add(Constants.PR_EE_ENABLED, value);
*/
-
IConfigStore caConfig = mCA.getConfigStore();
value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
@@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet {
getSigningAlgConfig(params);
getSerialConfig(params);
getMaxSerialConfig(params);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getSigningAlgConfig(NameValuePairs params) {
params.add(Constants.PR_DEFAULT_ALGORITHM,
- mCA.getDefaultAlgorithm());
+ mCA.getDefaultAlgorithm());
String[] algorithms = mCA.getCASigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
for (int i = 0; i < algorithms.length; i++) {
- if (i == 0)
+ if (i == 0)
algorStr.append(algorithms[i]);
else {
algorStr.append(":");
@@ -1508,16 +1505,16 @@ public class CAAdminServlet extends AdminServlet {
private void getSerialConfig(NameValuePairs params) {
params.add(Constants.PR_SERIAL,
- mCA.getStartSerial());
+ mCA.getStartSerial());
}
private void getMaxSerialConfig(NameValuePairs params) {
params.add(Constants.PR_MAXSERIAL,
- mCA.getMaxSerial());
+ mCA.getMaxSerial());
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ISubsystem eeGateway = null;
@@ -1573,6 +1570,6 @@ public class CAAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "CAAdminServlet: " + msg);
+ level, "CAAdminServlet: " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 3251e46b..30c64220 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -86,7 +85,7 @@ import com.netscape.symkey.SessionKey;
* servlet is responsible to serve Certificate Server
* level administrative operations such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public final class CMSAdminServlet extends AdminServlet {
@@ -108,13 +107,13 @@ public final class CMSAdminServlet extends AdminServlet {
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static byte EOL[] = { Character.LINE_SEPARATOR };
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
- "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
- "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
- "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+ "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
- "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+ "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
"LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
@@ -145,13 +144,13 @@ public final class CMSAdminServlet extends AdminServlet {
* Serves HTTP request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
try {
super.authenticate(req);
} catch (IOException e) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ null, resp);
return;
}
@@ -164,8 +163,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getEnv(req, resp);
@@ -175,8 +174,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,13 +198,13 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
setDBConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_SMTP))
+ else if (scope.equals(ScopeDef.SC_SMTP))
modifySMTPConfig(req, resp);
else if (scope.equals(ScopeDef.SC_TASKS))
performTasks(req, resp);
@@ -213,9 +212,9 @@ public final class CMSAdminServlet extends AdminServlet {
modifyEncryption(req, resp);
else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
issueImportCert(req, resp);
- else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
+ else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
installCert(req, resp);
- else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
+ else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
importXCert(req, resp);
else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
deleteCerts(req, resp);
@@ -229,8 +228,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -239,11 +238,11 @@ public final class CMSAdminServlet extends AdminServlet {
getCACerts(req, resp);
else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
getAllCertsManage(req, resp);
- else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
+ else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
getUserCerts(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
getTKSKeys(req, resp);
- else if (scope.equals(ScopeDef.SC_TOKEN))
+ else if (scope.equals(ScopeDef.SC_TOKEN))
getAllTokenNames(req, resp);
else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
getRootCerts(req, resp);
@@ -251,21 +250,21 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "delete";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
deleteRootCert(req, resp);
} else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
- deleteUserCert(req,resp);
+ deleteUserCert(req, resp);
}
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -282,14 +281,14 @@ public final class CMSAdminServlet extends AdminServlet {
checkTokenStatus(req, resp);
else if (scope.equals(ScopeDef.SC_SELFTESTS))
runSelfTestsOnDemand(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
createMasterKey(req, resp);
} else if (op.equals(OpDef.OP_VALIDATE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,7 +302,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
StringWriter sw = new StringWriter();
@@ -316,7 +315,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getEnv(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -324,16 +323,16 @@ public final class CMSAdminServlet extends AdminServlet {
params.add(Constants.PR_NT, Constants.TRUE);
else
params.add(Constants.PR_NT, Constants.FALSE);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getAllTokenNames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -342,15 +341,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getAllNicknames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
+
sendResponse(SUCCESS, null, params, resp);
}
@@ -363,16 +362,16 @@ public final class CMSAdminServlet extends AdminServlet {
//get subsystem type
if ((sys instanceof IKeyRecoveryAuthority) &&
- subsystem.equals("kra"))
+ subsystem.equals("kra"))
return true;
else if ((sys instanceof IRegistrationAuthority) &&
- subsystem.equals("ra"))
+ subsystem.equals("ra"))
return true;
else if ((sys instanceof ICertificateAuthority) &&
- subsystem.equals("ca"))
+ subsystem.equals("ca"))
return true;
else if ((sys instanceof IOCSPAuthority) &&
- subsystem.equals("ocsp"))
+ subsystem.equals("ocsp"))
return true;
}
@@ -380,7 +379,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void readEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -405,17 +404,17 @@ public final class CMSAdminServlet extends AdminServlet {
isOCSPInstalled = true;
else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
-
- }
+
+ }
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String caTokenName = "";
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_CIPHER_VERSION,
- jssSubSystem.getCipherVersion());
+ jssSubSystem.getCipherVersion());
params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
@@ -427,7 +426,7 @@ public final class CMSAdminServlet extends AdminServlet {
while (tokenizer.hasMoreElements()) {
String tokenName = (String) tokenizer.nextElement();
String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
+
if (certs.equals(""))
continue;
if (tokenNewList.equals(""))
@@ -457,7 +456,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (isRAInstalled) {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
String raNickname = ra.getNickname();
params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
@@ -465,17 +464,17 @@ public final class CMSAdminServlet extends AdminServlet {
if (isKRAInstalled) {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
String kraNickname = kra.getNickname();
params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
}
if (isTKSInstalled) {
ITKSAuthority tks = (ITKSAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
}
String nickName = CMS.getServerCertNickname();
-
+
params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
sendResponse(SUCCESS, null, params, resp);
@@ -517,17 +516,17 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Modify encryption configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
- * configuring encryption (cert settings and SSL cipher preferences)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL cipher preferences)
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to modify encryption configuration
*/
private void modifyEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs params = new NameValuePairs();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.getInternalTokenName();
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet {
isCAInstalled = true;
else if (sys instanceof IOCSPAuthority)
isOCSPInstalled = true;
- else if (sys instanceof ITKSAuthority)
+ else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
}
- ICertificateAuthority ca = null;
+ ICertificateAuthority ca = null;
IRegistrationAuthority ra = null;
IKeyRecoveryAuthority kra = null;
- ITKSAuthority tks = null;
+ ITKSAuthority tks = null;
if (isCAInstalled)
ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getCertConfigNickname(String val) throws EBaseException {
@@ -767,7 +766,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Performs Server Tasks: RESTART/STOP operation
*/
private void performTasks(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String restart = req.getParameter(Constants.PR_SERVER_RESTART);
String stop = req.getParameter(Constants.PR_SERVER_STOP);
@@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads subsystems that server has loaded with.
*/
private void readSubsystem(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet {
type = Constants.PR_CA_INSTANCE;
if (sys instanceof IOCSPAuthority)
type = Constants.PR_OCSP_INSTANCE;
- if (sys instanceof ITKSAuthority)
+ if (sys instanceof ITKSAuthority)
type = Constants.PR_TKS_INSTANCE;
if (!type.trim().equals(""))
params.add(sys.getId(), type);
@@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads server statistics.
*/
private void readStat(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore cs = CMS.getConfigStore();
@@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet {
}
params.add(Constants.PR_STAT_STARTUP,
- (new Date(CMS.getStartupTime())).toString());
+ (new Date(CMS.getStartupTime())).toString());
params.add(Constants.PR_STAT_TIME,
- (new Date(System.currentTimeMillis())).toString());
+ (new Date(System.currentTimeMillis())).toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies database information.
*/
private void setDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
String key = (String) enum1.nextElement();
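Review bot: The loop that starts here in setDBConfig copies request parameters into the internal database configuration by name. The next hunk shows `dbConfig.putString(key, req.getParameter(key))` running for every key that is not explicitly skipped. A caller can therefore set any property under that sub-store, not only the ones the console form sends. Checking each key against a fixed allow-list before the `putString` call would close this, for example `if (!ALLOWED_DB_KEYS.contains(key)) continue;`, where `ALLOWED_DB_KEYS` is a placeholder for a set this file would have to define. The skip conditions between the two hunks are not visible, so confirm what is already filtered.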
@@ -876,117 +875,111 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (key.equals(Constants.OP_SCOPE))
continue;
-
- dbConfig.putString(key, req.getParameter(key));
+
+ dbConfig.putString(key, req.getParameter(key));
}
sendResponse(RESTART, null, null, resp);
mConfig.commit(true);
}
- /**
+
+ /**
* Create Master Key
*/
-private void createMasterKey(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private void createMasterKey(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
- String newKeyName = null, selectedToken = null;
+ Enumeration<String> e = req.getParameterNames();
+ String newKeyName = null, selectedToken = null;
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_KEY_LIST))
- {
- newKeyName = req.getParameter(name);
- }
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- selectedToken = req.getParameter(name);
- }
-
+ if (name.equals(Constants.PR_KEY_LIST)) {
+ newKeyName = req.getParameter(name);
+ }
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ selectedToken = req.getParameter(name);
+ }
}
- if(selectedToken!=null && newKeyName!=null)
- {
- String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
- CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
- params.add(Constants.PR_KEY_LIST, newKeyName);
- params.add(Constants.PR_TOKEN_LIST, selectedToken);
- }
- sendResponse(SUCCESS, null, params, resp);
-}
+ if (selectedToken != null && newKeyName != null) {
+ String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+ CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+ String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ params.add(Constants.PR_KEY_LIST, newKeyName);
+ params.add(Constants.PR_TOKEN_LIST, selectedToken);
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
- /**
+ /**
* Reads secmod.db
*/
private void getTKSKeys(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
+ Enumeration<String> e = req.getParameterNames();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- String selectedToken = req.getParameter(name);
-
- int count = 0;
- int keys_found = 0;
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
- CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
-
- if(!jssSubSystem.isTokenLoggedIn(selectedToken))
- {
- PasswordCallback cpcb = new ConsolePasswordCallback();
- while (true) {
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ String selectedToken = req.getParameter(name);
+
+ int count = 0;
+ int keys_found = 0;
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+ CryptoToken token = null;
+ CryptoManager mCryptoManager = null;
+ try {
+ mCryptoManager = CryptoManager.getInstance();
+ } catch (Exception e2) {
+ }
+
+ if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+ PasswordCallback cpcb = new ConsolePasswordCallback();
+ while (true) {
try {
- token = mCryptoManager.getTokenByName(selectedToken);
- token.login(cpcb);
+ token = mCryptoManager.getTokenByName(selectedToken);
+ token.login(cpcb);
break;
} catch (Exception e3) {
//log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
continue;
}
- }
- }
- // String symKeys = new String("key1,key2");
- String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
- params.add(Constants.PR_TOKEN_LIST, symKeys);
+ }
+ }
+ // String symKeys = new String("key1,key2");
+ String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+ params.add(Constants.PR_TOKEN_LIST, symKeys);
- }
+ }
}
sendResponse(SUCCESS, null, params, resp);
}
-
-
+
/**
* Reads database information.
*/
private void getDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
-
+ Enumeration<String> e = req.getParameterNames();
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
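Review bot: In getTKSKeys the token login loop has no exit: `while (true)` catches `Exception` and `continue`s, so a login that keeps failing holds the request thread forever. The empty `catch (Exception e2)` above it makes this worse, because a failed `CryptoManager.getInstance()` leaves `mCryptoManager` null and the resulting NullPointerException is swallowed on every pass. Fail the request after one attempt and report it with the `CMSCORE_SECURITY_INCORRECT_PWD` message that is currently commented out. getTKSKeys lies wholly inside this hunk, and the reformat leaves this logic as it was.

```java
CryptoManager mCryptoManager = null;
try {
    mCryptoManager = CryptoManager.getInstance();
} catch (Exception e2) {
    // without a crypto manager no token lookup is possible; stop here
    throw new EBaseException(e2.toString());
}

if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
    PasswordCallback cpcb = new ConsolePasswordCallback();
    try {
        token = mCryptoManager.getTokenByName(selectedToken);
        token.login(cpcb);
    } catch (Exception e3) {
        // one attempt only: a failed login ends the request instead of looping
        throw new EBaseException(CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
    }
}
// … unchanged: SessionKey.ListSymmetricKeys and params.add …
```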
@@ -998,7 +991,7 @@ private void createMasterKey(HttpServletRequest req,
continue;
if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
- else
+ else
params.add(name, ldapConfig.getString(name, ""));
}
sendResponse(SUCCESS, null, params, resp);
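Review bot: The default passed for `PR_SECURE_PORT_ENABLED` is the quoted text `"Constants.FALSE"`, not the constant. When the LDAP sub-store has no value for that key, the client receives the literal string "Constants.FALSE" as the secure-port setting. Presumably the constant was intended: `params.add(name, ldapConfig.getString(name, Constants.FALSE));`. The start of getDBConfig's loop is in the previous hunk.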
@@ -1008,7 +1001,7 @@ private void createMasterKey(HttpServletRequest req,
* Modifies SMTP configuration.
*/
private void modifySMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
// XXX
IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1022,7 +1015,7 @@ private void createMasterKey(HttpServletRequest req,
if (port != null)
sConfig.putString("port", port);
-
+
commit(true);
sendResponse(SUCCESS, null, null, resp);
@@ -1032,23 +1025,23 @@ private void createMasterKey(HttpServletRequest req,
* Reads SMTP configuration.
*/
private void readSMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_SERVER_NAME,
- dbConfig.getString("host"));
+ dbConfig.getString("host"));
params.add(Constants.PR_PORT,
- dbConfig.getString("port"));
+ dbConfig.getString("port"));
sendResponse(SUCCESS, null, params, resp);
}
private void loggedInToken(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String tokenName = "";
String pwd = "";
@@ -1064,7 +1057,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.loggedInToken(tokenName, pwd);
@@ -1074,10 +1067,10 @@ private void createMasterKey(HttpServletRequest req,
}
private void checkTokenStatus(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String key = "";
String value = "";
@@ -1090,7 +1083,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
boolean status = jssSubSystem.isTokenLoggedIn(value);
NameValuePairs params = new NameValuePairs();
@@ -1103,17 +1096,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Retrieve a certificate request
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
- * asymmetric keys are generated
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when asymmetric keys are generated
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to retrieve certificate request
*/
private void getCertRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1124,7 +1117,7 @@ private void createMasterKey(HttpServletRequest req,
try {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
String keyType = "";
int keyLength = 512;
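Review bot: `int keyLength = 512;` is the fallback key size in getCertRequest, and 512 bits is far below what is acceptable for RSA or DSA keys behind a certificate request. The code that overrides it from the request is outside this hunk, so the default may apply whenever the client omits the length parameter. Raise the default, for example `int keyLength = 2048;`, and reject requested lengths below the deployment's minimum before calling `getKeyPair`.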
@@ -1164,10 +1157,10 @@ private void createMasterKey(HttpServletRequest req,
}
pathname = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ + File.separator + "conf" + File.separator;
dir = pathname;
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
KeyPair keypair = null;
PQGParams pqgParams = null;
@@ -1210,7 +1203,7 @@ private void createMasterKey(HttpServletRequest req,
keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
} else { //DSA or RSA
if (keyType.equals("DSA"))
- pqgParams = jssSubSystem.getPQG(keyLength);
+ pqgParams = jssSubSystem.getPQG(keyLength);
keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
}
}
@@ -1289,25 +1282,25 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditPublicKey );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void setCANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditPublicKey );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void setCANewnickname(String tokenName, String nickname)
+ throws EBaseException {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1322,16 +1315,16 @@ private void createMasterKey(HttpServletRequest req,
private String getCANewnickname() throws EBaseException {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
private void setRANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ throws EBaseException {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
ra.setNewNickName(nickname);
@@ -1345,13 +1338,13 @@ private void createMasterKey(HttpServletRequest req,
private String getRANewnickname() throws EBaseException {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
return ra.getNewNickName();
}
private void setOCSPNewnickname(String tokenName, String nickname)
- throws EBaseException {
+ throws EBaseException {
IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
@@ -1367,7 +1360,7 @@ private void createMasterKey(HttpServletRequest req,
}
} else {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1387,20 +1380,20 @@ private void createMasterKey(HttpServletRequest req,
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
} else {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
}
- private void setKRANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ private void setKRANewnickname(String tokenName, String nickname)
+ throws EBaseException {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
kra.setNewNickName(nickname);
@@ -1418,8 +1411,8 @@ private void createMasterKey(HttpServletRequest req,
return kra.getNewNickName();
}
- private void setRADMNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ private void setRADMNewnickname(String tokenName, String nickName)
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
@@ -1436,8 +1429,8 @@ private void createMasterKey(HttpServletRequest req,
*/
}
- private String getRADMNewnickname()
- throws EBaseException {
+ private String getRADMNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
@@ -1449,7 +1442,7 @@ private void createMasterKey(HttpServletRequest req,
}
private void setAgentNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
@@ -1466,8 +1459,8 @@ private void createMasterKey(HttpServletRequest req,
*/
}
- private String getAgentNewnickname()
- throws EBaseException {
+ private String getAgentNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
@@ -1481,18 +1474,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Issue import certificate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
- * certificate database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to issue an import certificate
*/
private void issueImportCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1501,7 +1493,7 @@ private void createMasterKey(HttpServletRequest req,
// to the signed audit log and stored as failures
try {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String pkcs = "";
String type = "";
String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
@@ -1518,7 +1510,7 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals("pathname")) {
+ if (key.equals("pathname")) {
configPath = mConfig.getString("instanceRoot", "")
+ File.separator + "conf" + File.separator;
pathname = configPath + value;
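Review bot: `pathname = configPath + value;` appends a request parameter to the instance `conf` directory without normalising it, so a value containing `..` segments resolves outside that directory. installCert has the same weakness: later hunks show `certpath = value;` taken from `PR_CERT_FILEPATH` and passed unchanged to `new FileInputStream(certpath)`, and `pathname` appended after `"config" + File.separator`. Canonicalise and confine the path before use, for example `String canon = new File(configPath, value).getCanonicalPath();` followed by `if (!canon.startsWith(new File(configPath).getCanonicalPath() + File.separator)) throw new EBaseException(CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));`. How `pathname` is consumed in issueImportCert is not visible in this hunk.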
@@ -1532,13 +1524,13 @@ private void createMasterKey(HttpServletRequest req,
String certType = (String) properties.get(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
IDBSubsystem dbs = (IDBSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
ISigningUnit signingUnit = ca.getSigningUnit();
String oldtokenname = null;
//this is the old nick name
@@ -1566,8 +1558,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
if (newtokenname == null)
@@ -1587,13 +1578,12 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
//xxx renew ca ,use old issuer?
properties.setIssuerName(
- jssSubSystem.getCertSubjectName(oldcatokenname,
+ jssSubSystem.getCertSubjectName(oldcatokenname,
canicknameWithoutTokenName));
KeyPair pair = null;
@@ -1608,8 +1598,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
//xxx set to old nickname?
@@ -1633,12 +1622,12 @@ private void createMasterKey(HttpServletRequest req,
defaultOCSPSigningAlg = properties.getHashType();
}
}
-
+
// create a new CA certificate or ssl server cert
if (properties.getKeyCurveName() != null) { //new ECC
CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
pair = jssSubSystem.getECCKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
} else if (properties.getKeyLength() != null) { //new RSA or DSA
keyType = properties.getKeyType();
@@ -1651,7 +1640,7 @@ private void createMasterKey(HttpServletRequest req,
//properties.put(Constants.PR_PQGPARAMS, pqgParams);
}
pair = jssSubSystem.getKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
// renew the CA certificate or ssl server cert
} else {
@@ -1684,7 +1673,7 @@ private void createMasterKey(HttpServletRequest req,
properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
}
- if (pair == null)
+ if (pair == null)
CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1695,12 +1684,12 @@ private void createMasterKey(HttpServletRequest req,
// properties.put(Constants.PR_CA_KEYPAIR, pair);
properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
- X509CertImpl signedCert =
- jssSubSystem.getSignedCert(properties, certType,
+ X509CertImpl signedCert =
+ jssSubSystem.getSignedCert(properties, certType,
caKeyPair.getPrivate());
- if (signedCert == null)
- CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
+ if (signedCert == null)
+ CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
/* bug 600124
try {
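Review bot: A null `signedCert` is only logged by `CMS.debug(...)`, and execution continues; a later hunk dereferences it with `signedCert.get(...)`. The same applies to `caKeyPair`, which is dereferenced by `caKeyPair.getPrivate()` even though the preceding hunk only logs when `pair` is null. The result would be a NullPointerException in place of a reported failure. Whether the surrounding audit handlers record that case cannot be seen from here. Throwing the checked failure keeps it on the audited path: `if (signedCert == null) throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));`. A matching guard on `caKeyPair` before `getSignedCert` would cover the key pair.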
@@ -1721,7 +1710,7 @@ private void createMasterKey(HttpServletRequest req,
certType);
} catch (EBaseException e) {
// if it fails, let use a different nickname to try
- Date now = new Date();
+ Date now = new Date();
String newNickname = nicknameWithoutTokenName
+ "-" + now.getTime();
@@ -1746,20 +1735,20 @@ private void createMasterKey(HttpServletRequest req,
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
try {
X509CertInfo certInfo = (X509CertInfo) signedCert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.class.getSimpleName());
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.class.getSimpleName());
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -1776,7 +1765,7 @@ private void createMasterKey(HttpServletRequest req,
}
}
- CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ " newtoken:" + newtokenname + " nickname:" + nickname);
if ((newtokenname != null &&
!newtokenname.equals(oldtokenname)) || nicknameChanged) {
@@ -1786,10 +1775,10 @@ private void createMasterKey(HttpServletRequest req,
newtokenname);
} else {
signingUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
+ nicknameWithoutTokenName,
newtokenname);
}
- } else if (certType.equals(Constants.PR_SERVER_CERT)) {
+ } else if (certType.equals(Constants.PR_SERVER_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
nickname = nicknameWithoutTokenName;
} else {
@@ -1802,8 +1791,8 @@ private void createMasterKey(HttpServletRequest req,
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
@@ -1820,23 +1809,23 @@ private void createMasterKey(HttpServletRequest req,
modifyRADMCert(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- if (ca != null) {
+ if (ca != null) {
ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
ocspSigningUnit.updateConfig(
- nicknameWithoutTokenName, newtokenname);
+ nicknameWithoutTokenName, newtokenname);
} else {
ocspSigningUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ nicknameWithoutTokenName,
+ newtokenname);
}
}
}
}
-
+
// set signing algorithms if needed
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
signingUnit.setDefaultAlgorithm(defaultSigningAlg);
if (defaultOCSPSigningAlg != null) {
@@ -1884,46 +1873,45 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void updateCASignature(String nickname, KeyCertData properties,
- ICryptoSubsystem jssSubSystem) throws EBaseException {
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void updateCASignature(String nickname, KeyCertData properties,
+ ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ jssSubSystem.getAlgorithmId(alg, mConfig));
}
/**
* Install certificates
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
- * certificate database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to install a certificate
*/
private void installCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1940,37 +1928,37 @@ private void createMasterKey(HttpServletRequest req,
String serverID = "";
String certpath = "";
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
pkcs = value;
else if (key.equals(Constants.RS_ID))
certType = value;
else if (key.equals(Constants.PR_NICKNAME))
nickname = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -1981,7 +1969,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(certpath);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2009,7 +1997,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
pkcs = pkcs.trim();
@@ -2017,7 +2005,7 @@ private void createMasterKey(HttpServletRequest req,
+ File.separator + "config" + File.separator + pathname;
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
//String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
@@ -2039,7 +2027,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
/*
@@ -2094,17 +2082,17 @@ private void createMasterKey(HttpServletRequest req,
// nickname).
//
- CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName);
try {
- jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
- certType);
+ jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+ certType);
} catch (EBaseException e) {
boolean certFound = false;
String eString = e.toString();
- if(eString.contains("Failed to find certificate that was just imported")) {
- CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+ if (eString.contains("Failed to find certificate that was just imported")) {
+ CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString);
X509Certificate cert = null;
try {
@@ -2116,11 +2104,11 @@ private void createMasterKey(HttpServletRequest req,
} catch (Exception ex) {
CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
}
- }
+ }
if (!certFound) {
// if it fails, let use a different nickname to try
- Date now = new Date();
+ Date now = new Date();
String newNickname = nicknameWithoutTokenName + "-" +
now.getTime();
@@ -2131,16 +2119,16 @@ private void createMasterKey(HttpServletRequest req,
} else {
nickname = tokenName + ":" + newNickname;
}
- CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname);
- }
+ CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname);
+ }
}
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
String signatureAlg =
- jssSubSystem.getSignatureAlgorithm(nickname);
+ jssSubSystem.getSignatureAlgorithm(nickname);
signingUnit.setDefaultAlgorithm(signatureAlg);
setCANewnickname("", "");
@@ -2149,26 +2137,26 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
extensions = jssSubSystem.getExtensions(
- Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+ Constants.PR_INTERNAL_TOKEN_NAME, nickname);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
extensions = jssSubSystem.getExtensions(tokenname1,
- nicknameWithoutTokenName);
+ nicknameWithoutTokenName);
}
if (extensions != null) {
BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.class.getSimpleName());
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.class.getSimpleName());
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -2187,34 +2175,34 @@ private void createMasterKey(HttpServletRequest req,
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
setRANewnickname("", "");
IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
ra.setNickname(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
setOCSPNewnickname("", "");
IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
}
- } else {
+ } else {
ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
@@ -2224,7 +2212,7 @@ private void createMasterKey(HttpServletRequest req,
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
setKRANewnickname("", "");
IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
kra.setNickname(nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
@@ -2233,15 +2221,15 @@ private void createMasterKey(HttpServletRequest req,
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
if (isSubsystemInstalled("ca")) {
ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
modifyCAGatewayCert(ca, nickname);
}
@@ -2252,7 +2240,7 @@ private void createMasterKey(HttpServletRequest req,
boolean verified = CMS.verifySystemCertByNickname(nickname, null);
if (verified == true) {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
auditSubjectID,
@@ -2261,7 +2249,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
} else {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
auditSubjectID,
@@ -2280,11 +2268,11 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
mConfig.commit(true);
- if(verified == true) {
+ if (verified == true) {
sendResponse(SUCCESS, null, null, resp);
} else {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
- null, resp);
+ null, resp);
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
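Review bot: `mConfig.commit(true)` runs before the `if (verified == true)` test, so whatever configuration installCert changed earlier is persisted even when `CMS.verifySystemCertByNickname` failed and the client is sent `CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED`. If that is not intended, move the commit into the success branch: `if (verified) { mConfig.commit(true); sendResponse(SUCCESS, null, null, resp); }`. If it is intended (the lines between the hunks are not visible here), a comment such as `// commit even on failed verification: <reason>` would tell the next reader why a certificate that failed verification stays configured. installCert continues outside this hunk.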
@@ -2310,37 +2298,36 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* For "importing" cross-signed cert into internal db for further
* cross pair matching and publishing
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import a CA cross-signed
- * certificate into the database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import a CA cross-signed certificate into the database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to import a cross-certificate pair
*/
private void importXCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2355,7 +2342,7 @@ private void createMasterKey(HttpServletRequest req,
String serverID = "";
String certpath = "";
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
while (enum1.hasMoreElements()) {
@@ -2363,29 +2350,29 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
// really should be PR_CERT_CONTENT
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
b64Cert = value;
else if (key.equals(Constants.RS_ID))
certType = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2396,7 +2383,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(certpath);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
b64Cert = "";
@@ -2423,7 +2410,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
CMS.debug("CMSAdminServlet: got b64Cert");
b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2441,7 +2428,7 @@ private void createMasterKey(HttpServletRequest req,
+ File.separator + "config" + File.separator + pathname;
ICrossCertPairSubsystem ccps =
- (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+ (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
try {
//this will import into internal ldap crossCerts entry
@@ -2480,8 +2467,8 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- String content = jssSubSystem.getCertPrettyPrint(b64Cert,
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ String content = jssSubSystem.getCertPrettyPrint(b64Cert,
super.getLocale(req));
results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2521,19 +2508,19 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getNickname(String certType) throws EBaseException {
@@ -2541,13 +2528,13 @@ private void createMasterKey(HttpServletRequest req,
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
nickname = signingUnit.getNickname();
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp == null) {
// this is a local CA service
@@ -2562,28 +2549,28 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
nickname = ra.getNickname();
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
nickname = kra.getNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
nickname = CMS.getServerCertNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
nickname = CMS.getServerCertNickname();
- }
+ }
return nickname;
}
private void getCertInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
String pkcs = "";
String path = "";
@@ -2616,7 +2603,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(path);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2640,7 +2627,7 @@ private void createMasterKey(HttpServletRequest req,
int totalLen = pkcs.length();
if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
- pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+ pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
}
@@ -2665,7 +2652,7 @@ private void createMasterKey(HttpServletRequest req,
nickname = getNickname(certType);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String content = jssSubSystem.getCertPrettyPrint(pkcs,
super.getLocale(req));
@@ -2678,12 +2665,12 @@ private void createMasterKey(HttpServletRequest req,
}
private void getCertPrettyPrint(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2703,7 +2690,7 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_NICK_NAME)) {
nickname = value;
continue;
- }
+ }
if (key.equals(Constants.PR_SERIAL_NUMBER)) {
serialno = value;
continue;
@@ -2714,20 +2701,20 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
- serialno, issuername, locale);
+ String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+ serialno, issuername, locale);
pairs.add(nickname, print);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getRootCertTrustBit(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2759,92 +2746,92 @@ private void createMasterKey(HttpServletRequest req,
}
String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
- serialno, issuername);
+ serialno, issuername);
pairs.add(nickname, trustbit);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getCACerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getCACerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void deleteRootCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteRootCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
private void deleteUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteUserCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
private void getRootCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getRootCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getAllCertsManage(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getAllCertsManage();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getUserCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getUserCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void deleteCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String date = "";
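Review bot: deleteRootCert and deleteUserCert split the `Constants.RS_ID` request parameter with `indexOf`/`substring` and never check the results, so a missing parameter throws NullPointerException and an id without `:SERIAL#<` or `>` throws StringIndexOutOfBoundsException instead of a handled error. Both methods need `if (id == null) throw new EBaseException(...)` before the first `indexOf` and `if (mindex < 0 || lindex < 9) throw new EBaseException(...)` before the substrings, using the project's own message key. Neither method calls `audit(...)` in its visible body, although deleting a root or user certificate changes the trust store; unless the caller already records it, a `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` entry for success and failure belongs here. The two bodies differ only in the final call and could share one private helper that parses the id.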
@@ -2872,9 +2859,9 @@ private void createMasterKey(HttpServletRequest req,
}
private void validateSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
@@ -2883,19 +2870,19 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_SUBJECT_NAME)) {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.isX500DN(value);
}
}
sendResponse(SUCCESS, null, null, resp);
- }
+ }
private void validateKeyLength(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String keyType = "RSA";
String keyLen = "512";
@@ -2917,16 +2904,16 @@ private void createMasterKey(HttpServletRequest req,
int minKey = mConfig.getInteger(
ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
sendResponse(SUCCESS, null, null, resp);
}
private void validateCurveName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String curveName = null;
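Review bot: validateKeyLength answers `SUCCESS` without validating anything in the lines shown here: its only check, `jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey)`, is commented out, so `minKey` and `jssSubSystem` are computed and never used. Either restore the call or remove the dead locals and add a comment such as `// NOTE: key length is not enforced here`, so console users do not assume the size was checked. The fallback of 512 for `ConfigConstants.PR_RSA_MIN_KEYLENGTH` (and the `keyLen = "512"` default earlier in the method) is far below current RSA guidance; `mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH, 2048)` would be a safer default. The method starts in the previous hunk and the parameter parsing between the two hunks is not visible.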
@@ -2942,7 +2929,7 @@ private void createMasterKey(HttpServletRequest req,
String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
String[] curves = curveList.split(",");
boolean match = false;
- for (int i=0; i<curves.length; i++) {
+ for (int i = 0; i < curves.length; i++) {
if (curves[i].equals(curveName)) {
match = true;
}
@@ -2955,9 +2942,9 @@ private void createMasterKey(HttpServletRequest req,
}
private void validateCertExtension(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String certExt = "";
@@ -2972,19 +2959,19 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.checkCertificateExt(certExt);
sendResponse(SUCCESS, null, null, resp);
}
private void getSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
-
+
String nickname = "";
String keyType = "RSA";
String keyLen = "512";
@@ -3003,7 +2990,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3011,7 +2998,7 @@ private void createMasterKey(HttpServletRequest req,
}
private void processSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
@@ -3033,7 +3020,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3041,7 +3028,7 @@ private void createMasterKey(HttpServletRequest req,
}
public void setRootCertTrust(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3053,10 +3040,10 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: setRootCertTrust()");
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
try {
jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
auditSubjectID,
@@ -3083,18 +3070,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Establish trust of a CA certificate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Manage Certificate" is used to edit the trustness of certs and
- * deletion of certs
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit the trustness of certs and deletion of certs
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to establish CA certificate trust
*/
private void trustCACert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3104,10 +3090,10 @@ private void createMasterKey(HttpServletRequest req,
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String trust = "";
while (enum1.hasMoreElements()) {
@@ -3160,41 +3146,41 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* Execute all self tests specified to be run on demand.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
- * tests are run on demand
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self tests are run on demand
* </ul>
+ *
* @exception EMissingSelfTestException a self test plugin instance
- * property name was missing
+ * property name was missing
* @exception ESelfTestException a self test is missing a required
- * configuration parameter
+ * configuration parameter
* @exception IOException an input/output error has occurred
*/
private synchronized void
- runSelfTestsOnDemand(HttpServletRequest req,
- HttpServletResponse resp)
- throws EMissingSelfTestException,
- ESelfTestException,
- IOException {
+ runSelfTestsOnDemand(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws EMissingSelfTestException,
+ ESelfTestException,
+ IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3203,7 +3189,7 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " ENTERING . . .");
+ + " ENTERING . . .");
}
@SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
@@ -3224,10 +3210,10 @@ private void createMasterKey(HttpServletRequest req,
}
ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
if ((request == null) ||
- (request.equals(""))) {
+ (request.equals(""))) {
// self test plugin run on demand request parameter was missing
// log the error
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
@@ -3236,7 +3222,7 @@ private void createMasterKey(HttpServletRequest req,
);
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3264,7 +3250,7 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3288,8 +3274,8 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3309,7 +3295,7 @@ private void createMasterKey(HttpServletRequest req,
}
ISelfTest test = (ISelfTest)
- mSelfTestSubsystem.getSelfTest(instanceName);
+ mSelfTestSubsystem.getSelfTest(instanceName);
if (test == null) {
// self test plugin instance property name is not present
@@ -3319,8 +3305,8 @@ private void createMasterKey(HttpServletRequest req,
instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3342,9 +3328,9 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
+ + " running \""
+ + test.getSelfTestName()
+ + "\"");
}
// store this information for console notification
@@ -3368,8 +3354,8 @@ private void createMasterKey(HttpServletRequest req,
instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3401,7 +3387,7 @@ private void createMasterKey(HttpServletRequest req,
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3412,7 +3398,7 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3429,14 +3415,14 @@ private void createMasterKey(HttpServletRequest req,
// notify console of SUCCESS
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
- CMSAdminServlet.class.getName());
+ CMSAdminServlet.class.getName());
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
- content);
+ content);
sendResponse(SUCCESS, null, results, resp);
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " EXITING.");
+ + " EXITING.");
}
} catch (EMissingSelfTestException eAudit1) {
// store a message in the signed audit log file
@@ -3475,16 +3461,16 @@ private void createMasterKey(HttpServletRequest req,
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
}
/**
* Signed Audit Log Public Key
- *
+ *
* This method is called to obtain the public key from the passed in
* "KeyPair" object for a signed audit log message.
* <P>
- *
+ *
* @param object a Key Pair Object
* @return key string containing the public key
*/
@@ -3533,4 +3519,3 @@ private void createMasterKey(HttpServletRequest req,
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
index 7f18d94e..b310f8c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,7 +41,6 @@ import com.netscape.certsrv.jobs.IJobsScheduler;
import com.netscape.certsrv.jobs.JobPlugin;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representing an administration servlet for the
* Jobs Scheduler and it's scheduled jobs.
@@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
* from jobs
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet {
Object impl = null;
JobPlugin jp =
- (JobPlugin) mJobsSched.getPlugins().get(implName);
+ (JobPlugin) mJobsSched.getPlugins().get(implName);
if (jp != null)
impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
@@ -137,7 +135,7 @@ public class JobsAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -145,17 +143,17 @@ public class JobsAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS))
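Review bot: `mOp = "read";` followed by `(mToken = super.authorize(req))` keeps the per-request operation and token in what look like servlet instance fields (their declarations are outside the hunk), and `service()` is not declared synchronized, so concurrent admin requests would share them. If the inherited `authorize(req)` reads `mOp` to decide which right to check, which is not visible here and needs confirming in the superclass, a modify request could be evaluated against a value another thread has just set to "read". The same assignment pattern recurs in the OP_MODIFY, OP_SEARCH, OP_ADD and OP_DELETE branches in the following hunks. Holding the operation in a local and handing it to the authorization call would remove the shared state; until then a comment such as `// mOp/mToken are shared by all request threads; do not rely on them after authorize()` would document the hazard. service()'s body starts and ends outside this hunk.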
@@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
getConfig(req, resp);
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
- getInstConfig(req, resp);
+ getInstConfig(req, resp);
else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
- try {
- getExtendedPluginInfo(req, resp);
- } catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
- return;
+ try {
+ getExtendedPluginInfo(req, resp);
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
}
} else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS)) {
@@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
modJobsInst(req, resp, scope);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -221,17 +219,17 @@ public class JobsAdminServlet extends AdminServlet {
listJobsInsts(req, resp);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -240,17 +238,17 @@ public class JobsAdminServlet extends AdminServlet {
addJobsInst(req, resp, scope);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -259,41 +257,41 @@ public class JobsAdminServlet extends AdminServlet {
delJobsInst(req, resp, scope);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
}
- private synchronized void addJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the job plugin id unique?
if (mJobsSched.getPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet {
if (classPath == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"),
+ null, resp);
return;
}
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
// Does the class exist?
Class newImpl = null;
@@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+ null, resp);
return;
}
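Review bot: `newImpl = Class.forName(classPath);` is the one-argument form, which also initializes the class, so static initializers of whatever name is supplied run before the `IJob.class.isAssignableFrom(newImpl)` check in the next hunk can reject it. Where `classPath` is assigned lies outside the hunk; if it comes from the request, loading without initialization keeps the type check ahead of any code from that class: `newImpl = Class.forName(classPath, false, JobsAdminServlet.class.getClassLoader());`. addJobPlugin's body starts and ends outside this hunk.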
@@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet {
try {
if (IJob.class.isAssignableFrom(newImpl) == false) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
@@ -353,8 +351,8 @@ public class JobsAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet {
JobPlugin plugin = new JobPlugin(id, classPath);
mJobsSched.getPlugins().put(id, plugin);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void addJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the job instance id unique?
if (mJobsSched.getInstances().containsKey((Object) id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+ null, resp);
return;
}
@@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet {
if (implname == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// check if implementation exists.
JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet {
String[] configParams = mJobsSched.getConfigParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet {
substore.put(key, val);
} else if (!key.equals("profileId")) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(),
+ null, resp);
return;
}
}
@@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
-
+
IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
// initialize the job plugin
try {
@@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mJobsSched.getInstances().put(id, jobsInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void listJobPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listJobPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -525,8 +523,8 @@ public class JobsAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- JobPlugin value = (JobPlugin)
- mJobsSched.getPlugins().get(name);
+ JobPlugin value = (JobPlugin)
+ mJobsSched.getPlugins().get(name);
params.add(name, value.getClassPath());
// params.add(name, value.getClassPath()+EDIT);
@@ -535,29 +533,28 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void listJobsInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listJobsInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration e = mJobsSched.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
- IJob value = (IJob)
- mJobsSched.getInstances().get((Object) name);
+ IJob value = (IJob)
+ mJobsSched.getInstances().get((Object) name);
// params.add(name, value.getImplName());
params.add(name, value.getImplName() + VISIBLE +
- (value.isEnabled() ? ENABLED : DISABLED)
- );
+ (value.isEnabled() ? ENABLED : DISABLED)
+ );
}
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void delJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -566,42 +563,41 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does this job plugin exist?
if (mJobsSched.getPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this job plugin
// DON'T remove job plugin if any instance
- for (Enumeration e = mJobsSched.getInstances().elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) {
IJob jobs = (IJob) e.nextElement();
if ((jobs.getImplName()).equals(id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this job plugin
mJobsSched.getPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -618,8 +614,8 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void delJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -628,17 +624,17 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -651,9 +647,9 @@ public class JobsAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -662,8 +658,8 @@ public class JobsAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -673,24 +669,24 @@ public class JobsAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular job plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this job scheduler subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular job plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this job scheduler subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -708,25 +704,25 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -758,15 +754,15 @@ public class JobsAdminServlet extends AdminServlet {
/**
* Modify job plugin instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
+ * This will actually create a new instance with new configuration
+ * parameters and replace the old instance, if the new instance
* created and initialized successfully.
* The old instance is left running. so this is very expensive.
* Restart of server recommended.
*/
- private synchronized void modJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -775,16 +771,16 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the job instance exist?
if (!mJobsSched.getInstances().containsKey((Object) id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+ null, resp);
return;
}
@@ -793,27 +789,27 @@ public class JobsAdminServlet extends AdminServlet {
if (implname == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// get plugin for implementation
JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- IJob oldinst =
- (IJob) mJobsSched.getInstances().get((Object) id);
+ IJob oldinst =
+ (IJob) mJobsSched.getInstances().get((Object) id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +817,7 @@ public class JobsAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IJobsScheduler.PROP_PLUGIN,
- (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
+ (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -838,9 +834,9 @@ public class JobsAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -861,10 +857,10 @@ public class JobsAdminServlet extends AdminServlet {
} else if (!key.equals("profileId")) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(),
+ null, resp);
return;
}
}
@@ -880,30 +876,30 @@ public class JobsAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
// initialize the job plugin
IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
try {
newJobInst.init(scheduler, id, implname, substore);
@@ -928,8 +924,8 @@ public class JobsAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -937,8 +933,8 @@ public class JobsAdminServlet extends AdminServlet {
mJobsSched.getInstances().put(id, newJobInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -947,24 +943,24 @@ public class JobsAdminServlet extends AdminServlet {
}
private void getSettings(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- params.add(Constants.PR_ENABLE,
- config.getString(IJobsScheduler.PROP_ENABLED,
- Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ config.getString(IJobsScheduler.PROP_ENABLED,
+ Constants.FALSE));
// default 1 minute
- params.add(Constants.PR_JOBS_FREQUENCY,
- config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
+ params.add(Constants.PR_JOBS_FREQUENCY,
+ config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void setSettings(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
//Save New Settings to the config file
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
@@ -980,12 +976,12 @@ public class JobsAdminServlet extends AdminServlet {
//set frequency
String interval =
- req.getParameter(Constants.PR_JOBS_FREQUENCY);
+ req.getParameter(Constants.PR_JOBS_FREQUENCY);
if (interval != null) {
config.putString(IJobsScheduler.PROP_INTERVAL, interval);
mJobsSched.setInterval(
- config.getInteger(IJobsScheduler.PROP_INTERVAL));
+ config.getInteger(IJobsScheduler.PROP_INTERVAL));
}
if (enabledChanged == true) {
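Review bot: The frequency value from the request is stored before it is validated: `config.putString(IJobsScheduler.PROP_INTERVAL, interval)` runs first and only then does `config.getInteger(IJobsScheduler.PROP_INTERVAL)` parse it. A non-numeric value is therefore presumably left in the config store when the parse fails, and zero or negative values reach `mJobsSched.setInterval` unchecked. Parse and range-check first, e.g. `int minutes = Integer.parseInt(interval);` plus a check that `minutes >= 1`, and only then call `putString` and `setInterval`. setSettings begins and ends outside this hunk, so any later validation or commit handling is not visible here.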
@@ -999,8 +995,8 @@ public class JobsAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1010,7 +1006,7 @@ public class JobsAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (!value.equals(""))
+ if (!value.equals(""))
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index e4138d74..1dd34666 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -35,13 +34,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve
- * KRA administrative operation such as configuration
+ * Recovery Authority. This servlet is responsible to serve
+ * KRA administrative operation such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class KRAAdminServlet extends AdminServlet {
@@ -57,7 +55,7 @@ public class KRAAdminServlet extends AdminServlet {
private IKeyRecoveryAuthority mKRA = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
/**
* Constructs KRA servlet.
@@ -73,49 +71,49 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
String scope = req.getParameter(Constants.OP_SCOPE);
if (scope == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
-
+
try {
AUTHZ_RES_NAME = "certServer.kra.configuration";
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
/* Functions not implemented in console
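Review bot: `mOp`, `mToken` and `AUTHZ_RES_NAME` are assigned per request inside service(), which is unsafe if they are servlet fields, as the naming suggests (their declarations are outside this hunk). Two concurrent admin requests could then overwrite each other's operation and authorization token between `mOp = "read"` and the `super.authorize(req)` call. A servlet instance is shared by all request threads, so the operation and resource name that authorize checks should travel as locals or arguments rather than through shared state. The same pattern recurs in the "modify" branch below and in the branches of LogAdminServlet.service later in this diff. service() continues past the end of this hunk.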
@@ -129,7 +127,7 @@ public class KRAAdminServlet extends AdminServlet {
getNotificationRIQConfig(req, resp);
return;
} else
- */
+ */
if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
return;
@@ -138,8 +136,8 @@ public class KRAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
/* Functions not implemented in console
@@ -158,24 +156,24 @@ public class KRAAdminServlet extends AdminServlet {
} else
*/
if (scope.equals(ScopeDef.SC_GENERAL)) {
- setGeneralConfig(req,resp);
+ setGeneralConfig(req, resp);
}
- }
+ }
} catch (EBaseException e) {
// convert exception into locale-specific message
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)),
+ null, resp);
return;
} catch (Exception e) {
e.printStackTrace();
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
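Review bot: After `setGeneralConfig(req, resp);` there is no `return;`, unlike the read branch where `getGeneralConfig(req, resp); return;` exits, so a successful modify falls through to the final `sendResponse(ERROR, ...)` carrying "CMS_ADMIN_SRVLT_INVALID_PROTOCOL". If setGeneralConfig has already written its own response (its tail is outside this hunk), the client receives a second, contradictory one; adding `return;` after the call avoids that. The `catch (Exception e) { e.printStackTrace(); }` below it sends the cause to stderr only and then reports the failure as an invalid protocol, so the real error never reaches the server log. The catch in LogAdminServlet.service later in this diff has the same problem, with an extra `System.out.println("XXX >>>" ...)`.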
@@ -188,7 +186,7 @@ public class KRAAdminServlet extends AdminServlet {
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
boolean restart = false;
@@ -202,14 +200,14 @@ public class KRAAdminServlet extends AdminServlet {
if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
try {
- int number = Integer.parseInt(value);
+ int number = Integer.parseInt(value);
mKRA.setNoOfRequiredAgents(number);
} catch (NumberFormatException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
throw new EBaseException("Number of agents must be an integer");
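Review bot: `Integer.parseInt(value)` accepts zero and negative numbers, and the parsed value goes straight to `mKRA.setNoOfRequiredAgents(number)`. Unless that setter validates its argument (not visible here), an administrative request can set the number of required recovery agents below one, which weakens the approval control on key recovery. A guard before the setter, such as `if (number < 1) throw new NumberFormatException(value);`, would route such values through the existing failure path, which already writes the FAILURE audit record. The message text would then better read "must be a positive integer". The try block and the rest of setGeneralConfig continue outside this hunk.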
@@ -220,10 +218,10 @@ public class KRAAdminServlet extends AdminServlet {
commit(true);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 08d6fcf5..95ed2361 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogSubsystem;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.LogPlugin;
-
/**
* A class representings an administration servlet for logging
* subsystem. This servlet is responsible to serve
* logging administrative operation such as configuration
* parameter updates and log retriever.
- *
+ *
* @version $Revision$, $Date$
*/
public class LogAdminServlet extends AdminServlet {
@@ -70,11 +68,11 @@ public class LogAdminServlet extends AdminServlet {
private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
- "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+ "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+ "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
/**
* Constructs Log servlet.
@@ -114,15 +112,15 @@ public class LogAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -138,8 +136,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
try {
@@ -155,8 +153,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -169,17 +167,17 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -190,17 +188,17 @@ public class LogAdminServlet extends AdminServlet {
delLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -211,9 +209,9 @@ public class LogAdminServlet extends AdminServlet {
addLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
@@ -221,8 +219,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -232,17 +230,17 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
setGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
@@ -268,13 +266,13 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ mSys.getLogInstance(instName);
if (loginst != null) {
NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
@@ -296,12 +294,12 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ mSys.getLogInstance(instName);
if (loginst != null) {
NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
@@ -310,15 +308,15 @@ public class LogAdminServlet extends AdminServlet {
}
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
}
@@ -329,15 +327,15 @@ public class LogAdminServlet extends AdminServlet {
System.out.println("XXX >>>" + e.toString() + "<<<");
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
}
return;
}
- private synchronized void listLogInsts(HttpServletRequest req,
- HttpServletResponse resp, boolean all) throws ServletException,
+ private synchronized void listLogInsts(HttpServletRequest req,
+ HttpServletResponse resp, boolean all) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -351,9 +349,9 @@ public class LogAdminServlet extends AdminServlet {
if (value == null)
continue;
String pName = mSys.getLogPluginName(value);
- LogPlugin pClass = (LogPlugin)
- mSys.getLogPlugins().get(pName);
- String c = pClass.getClassPath();
+ LogPlugin pClass = (LogPlugin)
+ mSys.getLogPlugins().get(pName);
+ String c = pClass.getClassPath();
// not show ntEventlog here
if (all || (!all && !c.endsWith("NTEventLog")))
@@ -363,12 +361,12 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
* from logging
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -381,10 +379,10 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
- IExtendedPluginInfo ext_info = null;
+ private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ IExtendedPluginInfo ext_info = null;
Object impl = null;
- LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
+ LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
if (lp != null) {
impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
@@ -410,11 +408,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
@SuppressWarnings("unchecked")
- private synchronized void addLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"),
+ null, resp);
return;
}
@@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet {
destStore = mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
// Does the class exist?
Class<ILogEventListener> newImpl = null;
@@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
@@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+ null, resp);
return;
}
@@ -561,8 +559,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -578,8 +576,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
@@ -605,8 +603,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -682,11 +680,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -694,9 +692,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -726,8 +724,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -743,8 +741,8 @@ public class LogAdminServlet extends AdminServlet {
audit(auditMessage);
}
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
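Review bot: `sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp)` is the one error path here that builds its text by hand and copies `id` into the response unchanged; `id` appears to come from the request. The neighbouring branches all go through `CMS.getUserMessage(getLocale(req), ...)`. How the console renders this string is not visible from the hunk, so the echoed value should be treated as untrusted output. A catalog message would be safer here and would also make the text localizable. addLogInst starts and ends outside this hunk.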
@@ -761,8 +759,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+ null, resp);
return;
}
@@ -783,15 +781,15 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// check if implementation exists.
LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(
- implname);
+ (LogPlugin) mSys.getLogPlugins().get(
+ implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -806,17 +804,17 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(),
- null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector<String> configParams = mSys.getLogDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -826,11 +824,11 @@ public class LogAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -864,8 +862,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
@@ -882,8 +880,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
@@ -900,8 +898,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -962,8 +960,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1026,28 +1024,28 @@ public class LogAdminServlet extends AdminServlet {
}
}
- private synchronized void listLogPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listLogPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<String> e = mSys.getLogPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- LogPlugin value = (LogPlugin)
- mSys.getLogPlugins().get(name);
+ LogPlugin value = (LogPlugin)
+ mSys.getLogPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILogEventListener lp = (ILogEventListener)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null,
+ resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
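Review bot: The `catch (Exception exp)` in listLogPlugins returns `exp.toString()` to the client, which exposes internal class names and loader errors. One plugin that fails to instantiate also aborts the whole listing, even though `desc` was already defaulted to "unknown". Logging the exception on the server and letting the loop continue with that default would match the apparent intent. Separately, `Class.forName(c).newInstance()` runs every plugin's constructor on each list request just to read a description, which deserves at least a comment explaining why that is acceptable. The method continues past the end of this hunk.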
@@ -1069,11 +1067,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Delete log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1081,9 +1079,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1116,8 +1114,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1135,8 +1133,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1144,15 +1142,15 @@ public class LogAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ mSys.getLogInstance(id);
mSys.getLogInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
// commiting
@@ -1173,8 +1171,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1233,11 +1231,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Delete log plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1245,9 +1243,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1280,8 +1278,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1298,15 +1296,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this log
// DON'T remove log if any instance
- for (Enumeration<String> e = mSys.getLogInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
ILogEventListener log = mSys.getLogInstance(name);
@@ -1323,19 +1320,19 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this log
mSys.getLogPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
@@ -1354,8 +1351,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1414,18 +1411,13 @@ public class LogAdminServlet extends AdminServlet {
/**
* Modify log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
- * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file
- * name (including any path changes) for any of audit, system, transaction,
- * or other customized log file change is attempted (authorization should
- * not allow, but make sure it's written after the attempt)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log
- * expiration time change is attempted (authorization should not allow, but
- * make sure it's written after the attempt)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for any of audit, system, transaction, or other customized log file change is attempted (authorization should not allow, but make sure it's written after the attempt)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted (authorization should not allow, but make sure it's written after the attempt)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1433,9 +1425,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1490,8 +1482,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1509,8 +1501,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+ null, resp);
return;
}
@@ -1530,14 +1522,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ null, resp);
return;
}
// get plugin for implementation
LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(implname);
+ (LogPlugin) mSys.getLogPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -1552,14 +1544,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp);
return;
}
// save old instance substore params in case new one fails.
ILogEventListener oldinst =
- (ILogEventListener) mSys.getLogInstance(id);
+ (ILogEventListener) mSys.getLogInstance(id);
Vector<String> oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1571,7 +1563,7 @@ public class LogAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -1580,9 +1572,9 @@ public class LogAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
// create new substore.
@@ -1627,16 +1619,15 @@ public class LogAdminServlet extends AdminServlet {
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
- AUTHZ_RES_NAME =
+ AUTHZ_RES_NAME =
"certServer.log.configuration";
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
String key = kv.substring(0, index);
String val = req.getParameter(key);
- if
- (key.equals("level")) {
- if (val.equals(ILogger.LL_DEBUG_STRING))
+ if (key.equals("level")) {
+ if (val.equals(ILogger.LL_DEBUG_STRING))
val = "0";
else if (val.equals(ILogger.LL_INFO_STRING))
val = "1";
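Review bot: `val` comes straight from `req.getParameter(key)` and is dereferenced on the next new-side line by `val.equals(ILogger.LL_DEBUG_STRING)`, so a request that omits the `level` parameter ends in a NullPointerException instead of an error response. The same unguarded use repeats in the `rolloverInterval` hunk (`val.equals("Hourly")`) and at `val = val.trim();` in the file-name hunk. Reject a missing value before the mapping, reusing the message modLogInst already sends for missing parameters: `if (val == null) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; }`. modLogInst starts and ends outside this hunk, so whether the substore has to be restored before returning needs checking against the full method.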
@@ -1653,9 +1644,8 @@ public class LogAdminServlet extends AdminServlet {
}
- if
- (key.equals("rolloverInterval")) {
- if (val.equals("Hourly"))
+ if (key.equals("rolloverInterval")) {
+ if (val.equals("Hourly"))
val = Integer.toString(60 * 60);
else if (val.equals("Daily"))
val = Integer.toString(60 * 60 * 24);
@@ -1667,8 +1657,7 @@ public class LogAdminServlet extends AdminServlet {
val = Integer.toString(60 * 60 * 24 * 365);
}
- if
- (key.equals(Constants.PR_LOG_TYPE)) {
+ if (key.equals(Constants.PR_LOG_TYPE)) {
type = val;
}
@@ -1679,7 +1668,7 @@ public class LogAdminServlet extends AdminServlet {
val = val.trim();
newLogPath = val;
if (!val.equals(origVal.trim())) {
- AUTHZ_RES_NAME =
+ AUTHZ_RES_NAME =
"certServer.log.configuration.fileName";
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
@@ -1709,58 +1698,58 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
- return;
- }
- }
- }
-/*
- if (key.equals("expirationTime")) {
- String origVal = substore.getString(key);
-
- val = val.trim();
- newExpirationTime = val;
- if (!val.equals(origVal.trim())) {
- if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
- AUTHZ_RES_NAME =
- "certServer.log.configuration.signedAudit.expirationTime";
- }
- mOp = "modify";
- if ((mToken = super.authorize(req)) == null) {
- // store a message in the signed audit log
- // file (regardless of logType)
- if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }
-
- // store a message in the signed audit log
- // file
- if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
- }
-
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
}
}
-*/
+ /*
+ if (key.equals("expirationTime")) {
+ String origVal = substore.getString(key);
+
+ val = val.trim();
+ newExpirationTime = val;
+ if (!val.equals(origVal.trim())) {
+ if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
+ AUTHZ_RES_NAME =
+ "certServer.log.configuration.signedAudit.expirationTime";
+ }
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ // store a message in the signed audit log
+ // file (regardless of logType)
+ if (!(newExpirationTime.equals(origExpirationTime))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ logType,
+ newExpirationTime);
+
+ audit(auditMessage);
+ }
+
+ // store a message in the signed audit log
+ // file
+ if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+ }
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ }
+ }
+ */
substore.put(key, val);
}
}
@@ -1772,7 +1761,7 @@ public class LogAdminServlet extends AdminServlet {
ILogEventListener newMgrInst = null;
try {
- newMgrInst = (ILogEventListener)
+ newMgrInst = (ILogEventListener)
Class.forName(className).newInstance();
} catch (ClassNotFoundException e) {
// check to see if the log file path parameter was changed
@@ -1823,8 +1812,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// check to see if the log file path parameter was changed
@@ -1873,8 +1862,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// check to see if the log file path parameter was changed
@@ -1923,8 +1912,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
// initialize the log
@@ -1981,16 +1970,16 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// commited ok. replace instance.
- // REMOVED - we didn't do anything to shut off the old instance
- // so, it will still be running at this point. You'd have two
- // log isntances writing to the same file - this would be a big PROBLEM!!!
+ // REMOVED - we didn't do anything to shut off the old instance
+ // so, it will still be running at this point. You'd have two
+ // log isntances writing to the same file - this would be a big PROBLEM!!!
//mSys.getLogInsts().put(id, newMgrInst);
@@ -2184,24 +2173,24 @@ public class LogAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this log subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this log subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2218,8 +2207,8 @@ public class LogAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2227,8 +2216,8 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -2236,34 +2225,34 @@ public class LogAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does log instance exist?
if (mSys.getLogInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ mSys.getLogInstance(id);
Vector<String> configParams = logInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_LOG_IMPL_NAME,
- getLogPluginName(logInst));
+ params.add(Constants.PR_LOG_IMPL_NAME,
+ getLogPluginName(logInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
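Review bot: The loop over `configParams` passes `kv.indexOf('=')` to `kv.substring(0, index)` without checking for -1, so an instance parameter string without `=` throws StringIndexOutOfBoundsException. getConfig handles this case a few hunks earlier with `if (index == -1) { params.add(kv, ""); }`. The same guard belongs here and in the two modLogInst loops (`saveParams.add(kv.substring(0, index), ...)` and `String key = kv.substring(0, index);`). A one-line comment such as `// entries are "name=value"; a bare name carries no value` would document the expected format.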
@@ -2272,8 +2261,8 @@ public class LogAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -2283,17 +2272,17 @@ public class LogAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
/**
* Signed Audit Check Log Path
- *
+ *
* This method is called to extract the log file path.
* <P>
- *
+ *
* @param req http servlet request
* @return a string containing the log file path
*/
@@ -2311,7 +2300,7 @@ public class LogAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2327,11 +2316,11 @@ public class LogAdminServlet extends AdminServlet {
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
boolean restart = false;
while (enum1.hasMoreElements()) {
@@ -2353,7 +2342,7 @@ public class LogAdminServlet extends AdminServlet {
CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
}
- }
+ }
}
mConfig.commit(true);
@@ -2365,4 +2354,3 @@ public class LogAdminServlet extends AdminServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 152b364f..a968b5b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -39,13 +38,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.ocsp.IOCSPStore;
-
/**
* A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP
- * administrative operations such as configuration parameter
+ * Authority. This servlet is responsible to serve OCSP
+ * administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class OCSPAdminServlet extends AdminServlet {
@@ -60,7 +58,7 @@ public class OCSPAdminServlet extends AdminServlet {
private final static String INFO = "OCSPAdminServlet";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
private IOCSPAuthority mOCSP = null;
@@ -88,9 +86,9 @@ public class OCSPAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
+
//get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -99,18 +97,18 @@ public class OCSPAdminServlet extends AdminServlet {
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
-
+
try {
AUTHZ_RES_NAME = "certServer.ocsp.configuration";
if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
try {
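Review bot: The authorization inputs are written to fields right before each check (`AUTHZ_RES_NAME = "certServer.ocsp.configuration";`, `mOp = "read";`, `mToken = super.authorize(req)`), and `service` is not synchronized. If these are instance fields of the servlet (their declarations are outside this hunk) and the container shares one instance across threads, two concurrent admin requests can interleave so that a `modify` request is authorized against the `read` operation set by another request. The same pattern recurs in the following hunks of this method. Passing the resource name and operation to the authorization call as arguments, or keeping them in locals, would remove the shared state. Until then a comment such as `// AUTHZ_RES_NAME/mOp/mToken are per-request state in shared fields; not safe under concurrent requests` would at least flag it.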
@@ -126,8 +124,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
setDefaultStore(req, resp);
@@ -139,8 +137,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -154,8 +152,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -169,8 +167,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
@@ -189,7 +187,7 @@ public class OCSPAdminServlet extends AdminServlet {
* type info from CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
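Review bot: `id` is taken from the request and used immediately in `id.indexOf(':')`, so a request without `RS_ID` throws NullPointerException here. LogAdminServlet answers the same condition with `CMS_ADMIN_SRVLT_NULL_RS_ID`, and the same check fits before the `indexOf`: `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; }`. A value without a colon presumably also breaks the split that follows (only `id.substring(colon + 1)` is visible in the next hunk), which is why the guard covers both cases.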
@@ -198,7 +196,7 @@ public class OCSPAdminServlet extends AdminServlet {
String implName = id.substring(colon + 1);
NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -229,12 +227,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set default OCSP store
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -242,8 +239,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setDefaultStore(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -253,7 +250,7 @@ public class OCSPAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
- id);
+ id);
commit(true);
// store a message in the signed audit log file
@@ -306,8 +303,8 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void getOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
IOCSPStore store = mOCSP.getOCSPStore(id);
@@ -319,12 +316,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set OCSP store configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -332,8 +328,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -418,8 +414,8 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void listOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mOCSP.getConfigStore();
String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
@@ -439,7 +435,7 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -451,7 +447,7 @@ public class OCSPAdminServlet extends AdminServlet {
private void getSigningAlgConfig(NameValuePairs params) {
params.add(Constants.PR_DEFAULT_ALGORITHM,
- mOCSP.getDefaultAlgorithm());
+ mOCSP.getDefaultAlgorithm());
String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
@@ -460,7 +456,7 @@ public class OCSPAdminServlet extends AdminServlet {
algorStr.append(algorithms[i]);
else
algorStr.append(":");
- algorStr.append(algorithms[i]);
+ algorStr.append(algorithms[i]);
}
params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
}
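Review bot: After re-indentation the last `algorStr.append(algorithms[i]);` is visibly outside the `else`, so it runs on every iteration in addition to the append in the `if` branch. If the condition above the hunk selects the first element, that algorithm is written twice with no separator into `PR_ALL_ALGORITHMS`. Braces and a single append make the intent explicit: `if (i > 0) { algorStr.append(":"); }` followed by `algorStr.append(algorithms[i]);`. The loop header and the `if` are outside this hunk, so the condition needs confirming against the full method.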
@@ -468,12 +464,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set general OCSP configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -481,7 +476,7 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -538,7 +533,7 @@ public class OCSPAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
-
+
}
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index 10a768a2..e2193cd6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -44,14 +43,13 @@ import com.netscape.certsrv.policy.IPolicyProcessor;
import com.netscape.certsrv.policy.IPolicyRule;
import com.netscape.certsrv.ra.IRegistrationAuthority;
-
/**
* This class is an administration servlet for policy management.
- *
+ *
* Each service (CA, KRA, RA) should be responsible
* for registering an instance of this with the remote
* administration subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class PolicyAdminServlet extends AdminServlet {
@@ -63,8 +61,8 @@ public class PolicyAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PolicyAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IPolicyProcessor mProcessor = null;
@@ -85,7 +83,7 @@ public class PolicyAdminServlet extends AdminServlet {
public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
/**
* Constructs administration servlet.
@@ -102,7 +100,7 @@ public class PolicyAdminServlet extends AdminServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
String policyStatus = null;
- CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" );
+ CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -138,28 +136,28 @@ public class PolicyAdminServlet extends AdminServlet {
policyStatus = ICertificateAuthority.ID
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
+ if (mConfig.getBoolean(policyStatus, true) == true) {
// NOTE: If "ca.Policy.enable=<boolean>" is missing,
// then the referenced instance existed prior
// to this name=value pair existing in its
// 'CS.cfg' file, and thus we err on the
// side that the user may still need to
// use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: ca.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
+ } catch (EBaseException e) {
+ throw new ServletException(authority
+ " does not have a "
+ "master policy switch called '"
- + policyStatus + "'" );
+ + policyStatus + "'");
}
} else if (mAuthority instanceof IRegistrationAuthority) {
// this refers to the legacy RA (pre-CMS 7.0)
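Review bot: The `catch (EBaseException e)` block builds a new ServletException from a message only, so the original failure and its stack trace are lost when the policy switch cannot be read. Pass the cause along: `throw new ServletException(authority + " does not have a master policy switch called '" + policyStatus + "'", e);`. The KRA branch in the next hunk has the same catch. `mConfig.getBoolean(policyStatus, true) == true` can also drop the `== true`.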
@@ -167,34 +165,34 @@ public class PolicyAdminServlet extends AdminServlet {
} else if (mAuthority instanceof IKeyRecoveryAuthority) {
mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
try {
- policyStatus = IKeyRecoveryAuthority.ID
+ policyStatus = IKeyRecoveryAuthority.ID
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
+ if (mConfig.getBoolean(policyStatus, true) == true) {
// NOTE: If "kra.Policy.enable=<boolean>" is missing,
// then the referenced instance existed prior
// to this name=value pair existing in its
// 'CS.cfg' file, and thus we err on the
// side that the user may still need to
// use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: kra.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
+ } catch (EBaseException e) {
+ throw new ServletException(authority
+ " does not have a "
+ "master policy switch called '"
- + policyStatus + "'" );
+ + policyStatus + "'");
}
- } else
- throw new ServletException(authority + " does not have policy processor!");
+ } else
+ throw new ServletException(authority + " does not have policy processor!");
}
/**
@@ -204,15 +202,15 @@ public class PolicyAdminServlet extends AdminServlet {
return INFO;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * from policy, authentication,
+ * need to add: listener, mapper and publishing plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
if (!readAuthorize(req, resp))
return;
String id = req.getParameter(Constants.RS_ID);
@@ -248,27 +246,27 @@ public class PolicyAdminServlet extends AdminServlet {
ext_info = (IExtendedPluginInfo) impl;
}
}
-
+
NameValuePairs nvps = null;
-
+
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
}
-
+
return nvps;
}
public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
- String implName,
- String instName) {
+ String implName,
+ String instName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-
+
impl = policy;
if (impl == null) {
impl = mProcessor.getPolicyImpl(implName);
@@ -313,8 +311,8 @@ public class PolicyAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -332,30 +330,30 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
} else
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
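Review bot: readAuthorize and modifyAuthorize pass the requested operation to the authorization check by assigning `mOp` (and store the result in `mToken`) around `super.authorize(req)`; no local declaration is visible in this hunk, so both appear to be servlet instance fields. A servlet instance normally serves concurrent requests, so another request can overwrite `mOp` between the assignment and the check, and a "modify" call could then be evaluated as "read" (to be confirmed against AdminServlet.authorize, which is outside this hunk). I would add `// FIXME: mOp/mToken are shared per-servlet state; carry the operation as an argument to authorize() instead of a field` above each assignment and follow up with a change that does so. The same pair of methods is repeated in the ProfileAdminServlet hunk at -162,33.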
@@ -365,8 +363,8 @@ public class PolicyAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -388,12 +386,12 @@ public class PolicyAdminServlet extends AdminServlet {
addPolicyImpl(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void processPolicyRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -424,17 +422,17 @@ public class PolicyAdminServlet extends AdminServlet {
modifyPolicyInstance(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void listPolicyImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration policyImplNames = mProcessor.getPolicyImplsInfo();
Enumeration policyImpls = mProcessor.getPolicyImpls();
if (policyImplNames == null ||
- policyImpls == null) {
+ policyImpls == null) {
sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
return;
}
@@ -443,12 +441,12 @@ public class PolicyAdminServlet extends AdminServlet {
NameValuePairs nvp = new NameValuePairs();
while (policyImplNames.hasMoreElements() &&
- policyImpls.hasMoreElements()) {
+ policyImpls.hasMoreElements()) {
String id = (String) policyImplNames.nextElement();
IPolicyRule impl = (IPolicyRule)
- policyImpls.nextElement();
+ policyImpls.nextElement();
String className =
- impl.getClass().getName();
+ impl.getClass().getName();
String desc = impl.getDescription();
nvp.add(id, className + "," + desc);
@@ -457,8 +455,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void listPolicyInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo();
if (instancesInfo == null) {
@@ -475,7 +473,7 @@ public class PolicyAdminServlet extends AdminServlet {
int i = info.indexOf(";");
nvp.add(info.substring(0, i), info.substring(i + 1));
-
+
}
sendResponse(SUCCESS, null, nvp, resp);
}
@@ -483,19 +481,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Delete policy implementation
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -574,8 +572,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void getPolicyImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -604,19 +602,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy implementation
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -710,19 +708,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Delete policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -801,8 +799,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void getPolicyInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy rule id.
String id = req.getParameter(Constants.RS_ID).trim();
@@ -836,7 +834,7 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void
- putUserPWPair(String combo) {
+ putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -849,19 +847,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1005,19 +1003,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Change ordering of policy instances
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void changePolicyInstanceOrdering(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1025,7 +1023,7 @@ public class PolicyAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
String policyOrder =
- req.getParameter(Constants.PR_POLICY_ORDER);
+ req.getParameter(Constants.PR_POLICY_ORDER);
if (policyOrder == null) {
// store a message in the signed audit log file
@@ -1095,19 +1093,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Modify policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1252,4 +1250,3 @@ public class PolicyAdminServlet extends AdminServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 9c83a30c..99f61935 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -53,14 +52,13 @@ import com.netscape.certsrv.registry.IPluginInfo;
import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.cms.profile.common.ProfilePolicy;
-
/**
* This class is an administration servlet for policy management.
- *
+ *
* Each service (CA, KRA, RA) should be responsible
* for registering an instance of this with the remote
* administration subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +70,8 @@ public class ProfileAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "ProfileAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -97,7 +95,7 @@ public class ProfileAdminServlet extends AdminServlet {
public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
/**
* Constructs administration servlet.
@@ -130,8 +128,8 @@ public class ProfileAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -139,7 +137,7 @@ public class ProfileAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.profile.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
- CMS.debug("ProfileAdminServlet: service scope: " + scope);
+ CMS.debug("ProfileAdminServlet: service scope: " + scope);
if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
processProfileRuleMgmt(req, resp);
} else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
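Review bot: `scope` comes straight from `req.getParameter(Constants.OP_SCOPE)` and is then dereferenced in `scope.equals(...)`, so a request without that parameter ends in a NullPointerException instead of the INVALID_POLICY_SCOPE response used at the end of the chain. A guard right after the assignment would do: `if (scope == null) { sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); return; }`. The reindented `CMS.debug` line also concatenates the raw parameter value into the debug log, so CR/LF should be stripped before logging to keep log lines from being forged. service() starts before this hunk and continues after it.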
@@ -162,33 +160,33 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
public void processProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -208,8 +206,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -230,8 +228,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -252,8 +250,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -269,8 +267,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -286,8 +284,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -307,8 +305,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -332,8 +330,8 @@ public class ProfileAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -343,12 +341,12 @@ public class ProfileAdminServlet extends AdminServlet {
listProfileImpls(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void processProfileRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -374,15 +372,15 @@ public class ProfileAdminServlet extends AdminServlet {
modifyProfileInstance(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
/**
* Lists all registered profile impementations
*/
public void listProfileImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration<String> impls = mRegistry.getIds("profile");
NameValuePairs nvp = new NameValuePairs();
@@ -391,29 +389,28 @@ public class ProfileAdminServlet extends AdminServlet {
String id = (String) impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo("profile", id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)));
- }
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
/**
* Add policy profile
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -451,10 +448,10 @@ public class ProfileAdminServlet extends AdminServlet {
if (mProfileSub.isProfileEnable(profileId)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Profile is currently enabled"),
- null, resp);
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Profile is currently enabled"),
+ null, resp);
return;
}
@@ -466,27 +463,27 @@ public class ProfileAdminServlet extends AdminServlet {
try {
if (!isValidId(setId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid set id " + setId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid set id " + setId),
+ null, resp);
+ return;
}
if (!isValidId(pId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid policy id " + pId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid policy id " + pId),
+ null, resp);
+ return;
}
policy = profile.createProfilePolicy(setId, pId,
defImpl, conImpl);
} catch (EBaseException e1) {
// error
CMS.debug("ProfileAdminServlet: addProfilePolicy " +
- e1.toString());
+ e1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -498,9 +495,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
NameValuePairs nvp = new NameValuePairs();
@@ -545,20 +542,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile input
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -594,11 +590,11 @@ public class ProfileAdminServlet extends AdminServlet {
IProfileInput input = null;
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
NameValuePairs nvps = new NameValuePairs();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -623,9 +619,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
@@ -672,20 +668,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile output
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -721,11 +716,11 @@ public class ProfileAdminServlet extends AdminServlet {
IProfileOutput output = null;
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
NameValuePairs nvps = new NameValuePairs();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -751,9 +746,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
@@ -800,20 +795,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete policy profile
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -823,10 +817,10 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String policyId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -921,20 +915,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile input
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -944,7 +937,7 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String inputId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
@@ -1039,20 +1032,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile output
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1062,7 +1054,7 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String outputId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1157,20 +1149,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add default policy profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1201,7 +1192,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1210,9 +1201,9 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1224,16 +1215,17 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
// defConfig.putString("params." + name, req.getParameter(name));
}
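Review bot: The rollback inside `catch (EPropertyException e)` discards any failure of `profile.deleteProfilePolicy(setId, pId)` in an empty `catch (Exception e11)`, so a policy that could not be removed stays half-configured and nothing records it. At minimum log it, e.g. `CMS.debug("ProfileAdminServlet: addPolicyDefaultConfig rollback failed: " + e11);`, and include `e` in the first debug message. That message also says `modifyPolicyDefConfig`, although this hunk appears to sit in addPolicyDefaultConfig. The same empty catch is in the addPolicyConstraintConfig hunk at -1362,16; both methods start and end outside their hunks.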
@@ -1294,20 +1286,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add policy constraints profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1338,7 +1329,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1349,10 +1340,10 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore conConfig = con.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -1362,16 +1353,17 @@ public class ProfileAdminServlet extends AdminServlet {
continue;
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
// conConfig.putString("params." + name, req.getParameter(name));
}
@@ -1433,20 +1425,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify default policy profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1477,7 +1468,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1485,9 +1476,9 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1499,15 +1490,15 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- // defConfig.putString("params." + name, req.getParameter(name));
+ // defConfig.putString("params." + name, req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
@@ -1566,20 +1557,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile input configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1616,7 +1606,7 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore inputConfig = input.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1686,20 +1676,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile output configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1736,7 +1725,7 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore outputConfig = output.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1748,7 +1737,7 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
outputConfig.putString("params." + name,
- req.getParameter(name));
+ req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
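Review bot: Every request parameter that is not on the skip list is written to the output's config store as `"params." + name` with no check that the output declares such a parameter, so unexpected keys can end up in the persisted profile configuration. The policy handlers in this file go through `setConfig(name, value)` and answer `BAD_CONFIGURATION_VAL` on `EPropertyException`; this loop has no equivalent validation. Consider rejecting names the output does not declare before calling `putString`. The start of the skip list and of modifyOutputConfig lie outside the hunk.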
@@ -1807,20 +1796,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify policy constraints profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1851,7 +1839,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1861,9 +1849,9 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore conConfig = con.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1874,15 +1862,15 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
- // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
+ // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
//conConfig.putString("params." + name, req.getParameter(name));
}
@@ -1942,8 +1930,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
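Review bot: `req.getParameter(Constants.RS_ID)` goes straight into `new StringTokenizer(id, ";")`, which throws `NullPointerException` when the parameter is missing. The `nextToken()` calls that presumably follow outside the hunk would throw `NoSuchElementException` for an id without the expected `;`-separated parts. A guard such as `if (id == null) { sendResponse(ERROR, null, null, resp); return; }`, plus a `hasMoreTokens()` check before each token, turns both cases into a normal error response. getPolicyConstraintConfig, getInputConfig and getOutputConfig tokenise RS_ID the same way.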
@@ -1955,9 +1943,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfilePolicy policy = null;
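Review bot: `throw new ServletException(e1.toString())` drops the original exception, so the stack trace of the failed `getProfile` lookup is lost. The debug text "profile is null!" also describes a different condition from the `EBaseException` being handled. Keep the cause with `throw new ServletException(e1.toString(), e1);` and add `e1` to the `CMS.debug` message. The same three lines recur in the other get* handlers reformatted further down.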
@@ -1987,15 +1975,15 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
// this one gets called when one of the elements in the default list get
// selected, then it returns the list of supported constraintsPolicy
if (constraintsList != null) {
-
+
}
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2007,9 +1995,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
StringTokenizer ss = new StringTokenizer(policyId, ":");
@@ -2035,8 +2023,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
// only allow profile retrival if it is disabled
@@ -2046,9 +2034,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfilePolicy() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2070,9 +2058,9 @@ public class ProfileAdminServlet extends AdminServlet {
IPolicyConstraint con = policy.getConstraint();
IConfigStore conConfig = con.getConfigStore();
- nvp.add(setId + ":" + policy.getId(),
- def.getName(getLocale(req)) + ";" +
- con.getName(getLocale(req)));
+ nvp.add(setId + ":" + policy.getId(),
+ def.getName(getLocale(req)) + ";" +
+ con.getName(getLocale(req)));
}
}
@@ -2080,17 +2068,17 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileOutput() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2107,17 +2095,17 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInput() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2134,9 +2122,9 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
-
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
String profileId = st.nextToken();
@@ -2146,9 +2134,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getInputConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileInput profileInput = null;
@@ -2160,14 +2148,14 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = names.nextElement();
IDescriptor desc = profileInput.getConfigDescriptor(
- getLocale(req), name);
+ getLocale(req), name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileInput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
+ nvp.add(name, desc.getSyntax() + ";" +
getNonNull(desc.getConstraint()) + ";" +
desc.getDescription(getLocale(req)) + ";" +
- profileInput.getConfig(name));
+ profileInput.getConfig(name));
}
}
@@ -2175,8 +2163,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2187,9 +2175,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getOutputConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileOutput profileOutput = null;
@@ -2201,14 +2189,14 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = names.nextElement();
IDescriptor desc = profileOutput.getConfigDescriptor(
- getLocale(req), name);
+ getLocale(req), name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
+ nvp.add(name, desc.getSyntax() + ";" +
getNonNull(desc.getConstraint()) + ";" +
desc.getDescription(getLocale(req)) + ";" +
- profileOutput.getConfig(name));
+ profileOutput.getConfig(name));
}
}
@@ -2216,14 +2204,14 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void listProfileInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
NameValuePairs nvp = new NameValuePairs();
Enumeration<String> e = mProfileSub.getProfileIds();
while (e.hasMoreElements()) {
- String profileId = e.nextElement();
+ String profileId = e.nextElement();
IProfile profile = null;
try {
@@ -2231,7 +2219,7 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (EBaseException e1) {
// error
}
-
+
String status = null;
if (mProfileSub.isProfileEnable(profileId)) {
@@ -2247,8 +2235,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
@@ -2256,9 +2244,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2285,20 +2273,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2324,14 +2311,14 @@ public class ProfileAdminServlet extends AdminServlet {
String config = null;
- ISubsystem subsystem = CMS.getSubsystem("ca");
+ ISubsystem subsystem = CMS.getSubsystem("ca");
String subname = "ca";
- if (subsystem == null)
- subname = "ra";
+ if (subsystem == null)
+ subname = "ra";
try {
- config = CMS.getConfigStore().getString("instanceRoot") +
+ config = CMS.getConfigStore().getString("instanceRoot") +
"/profiles/" + subname + "/" + id + ".cfg";
} catch (EBaseException e) {
// store a message in the signed audit log file
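Review bot: `id` is concatenated into a file path, `"/profiles/" + subname + "/" + id + ".cfg"`, and the next hunk passes that path to `mProfileSub.deleteProfile(id, config)`. The hunk does not show where `id` comes from or whether it is validated. If it is a request parameter, a value containing path separators would resolve outside the profiles directory. The file already has `isValidId`, so a check such as `if (!isValidId(id)) { sendResponse(ERROR, null, null, resp); return; }` before the path is built would close that off; the failure branch should also write the audit record like the other error paths in this method.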
@@ -2346,7 +2333,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
}
-
+
try {
mProfileSub.deleteProfile(id, config);
} catch (EProfileException e) {
@@ -2401,7 +2388,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void
- putUserPWPair(String combo) {
+ putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -2411,12 +2398,11 @@ public class ProfileAdminServlet extends AdminServlet {
CMS.putPasswordCache(user, pw);
}
- public boolean isValidId(String id)
- {
+ public boolean isValidId(String id) {
for (int i = 0; i < id.length(); i++) {
- char c = id.charAt(i);
- if (!Character.isLetterOrDigit(c))
- return false;
+ char c = id.charAt(i);
+ if (!Character.isLetterOrDigit(c))
+ return false;
}
return true;
}
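Review bot: `isValidId` returns `true` for an empty string and throws `NullPointerException` on `null`. `Character.isLetterOrDigit` also accepts any Unicode letter or digit, which is probably broader than intended for an id that ends up in a `.cfg` file name (see deleteProfileInstance). Add `if (id == null || id.isEmpty()) return false;` at the top and consider restricting the accepted characters to ASCII letters and digits. A one-line Javadoc stating the accepted alphabet would help callers.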
@@ -2424,20 +2410,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2465,14 +2450,14 @@ public class ProfileAdminServlet extends AdminServlet {
IProfile p = null;
try {
- p = mProfileSub.getProfile(id);
+ p = mProfileSub.getProfile(id);
} catch (EProfileException e1) {
}
if (p != null) {
sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
return;
}
-
+
String impl = req.getParameter("impl");
String name = req.getParameter("name");
String desc = req.getParameter("desc");
@@ -2516,8 +2501,8 @@ public class ProfileAdminServlet extends AdminServlet {
profile = mProfileSub.createProfile(id, impl,
info.getClassName(),
config);
- profile.setName(getLocale(req), name);
- profile.setDescription(getLocale(req), name);
+ profile.setName(getLocale(req), name);
+ profile.setDescription(getLocale(req), name);
if (visible != null && visible.equals("true")) {
profile.setVisible(true);
} else {
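Review bot: `profile.setDescription(getLocale(req), name)` stores the profile name as its description. The `desc` request parameter read in the previous hunk looks like the intended argument: `profile.setDescription(getLocale(req), desc);`. Whether `desc` is used anywhere else in addProfileInstance is not visible from this hunk.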
@@ -2528,10 +2513,10 @@ public class ProfileAdminServlet extends AdminServlet {
mProfileSub.createProfileConfig(id, impl, config);
if (profile instanceof IProfileEx) {
- // populates profile specific plugins such as
- // policies, inputs and outputs
- ((IProfileEx)profile).populate();
- }
+ // populates profile specific plugins such as
+ // policies, inputs and outputs
+ ((IProfileEx) profile).populate();
+ }
} catch (Exception e) {
CMS.debug("ProfileAdminServlet: " + e.toString());
@@ -2588,20 +2573,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2656,7 +2640,7 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
try {
- profile.getConfigStore().commit(false);
+ profile.getConfigStore().commit(false);
} catch (Exception e) {
}
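Review bot: `profile.getConfigStore().commit(false)` runs after `audit(auditMessage)` and its failure is discarded by an empty `catch (Exception e)`, so the signed audit log can describe a profile change that was never persisted. Commit first and audit the actual outcome, or at minimum record the failure with `CMS.debug("ProfileAdminServlet: commit failed: " + e);`. Which audit message is written at this point is decided outside the hunk, in what appears to be modifyProfileInstance.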
@@ -2688,11 +2672,10 @@ public class ProfileAdminServlet extends AdminServlet {
}
}
- protected String getNonNull(String s) {
- if (s == null)
- return "";
- return s;
- }
+ protected String getNonNull(String s) {
+ if (s == null)
+ return "";
+ return s;
+ }
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..22aa306e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin;
import com.netscape.certsrv.security.ICryptoSubsystem;
import com.netscape.cmsutil.password.IPasswordStore;
-
/**
* A class representing an publishing servlet for the
- * Publishing subsystem. This servlet is responsible
+ * Publishing subsystem. This servlet is responsible
* to serve configuration requests for the Publishing subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class PublisherAdminServlet extends AdminServlet {
@@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PublisherAdminServlet";
- private final static String PW_TAG_CA_LDAP_PUBLISHING =
- "CA LDAP Publishing";
+ private final static String PW_TAG_CA_LDAP_PUBLISHING =
+ "CA LDAP Publishing";
public final static String NOMAPPER = "<NONE>";
private IPublisherProcessor mProcessor = null;
private IAuthority mAuth = null;
@@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet {
if (mAuth != null)
if (mAuth instanceof ICertificateAuthority) {
mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
- } else
- throw new ServletException(authority + " does not have publishing processor!");
+ } else
+ throw new ServletException(authority + " does not have publishing processor!");
}
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
CMS.debug("PublisherAdminServlet: in service");
@@ -134,9 +132,9 @@ public class PublisherAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
try {
@@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
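Review bot: `mOp` is set and `mToken` is assigned from `super.authorize(req)` without either being declared in the hunk. If they are instance fields, as the `m` prefix suggests, they are shared by every request this servlet instance handles concurrently. One request's `mOp` could then be overwritten by another before `authorize` reads it, so the authorization decision would be made for the wrong operation. Keeping the operation and token in locals, and passing the operation to the authorization call explicitly, avoids the shared state. The same assignment pattern repeats in each `op` branch of `service()` in the hunks below.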
@@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
getRuleInstConfig(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
testSetLDAPDest(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
listMapperInsts(req, resp);
return;
- } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
+ } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
listRulePlugins(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
@@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
addRuleInst(req, resp, scope);
return;
- }
+ }
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
} else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
//System.out.println("SRVLT_FAIL_PERFORM 2");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
- p) {
+ p) {
Enumeration mappers = p.getMapperInsts().keys();
Enumeration publishers = p.getPublisherInsts().keys();
@@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet {
for (; mappers.hasMoreElements();) {
String name = (String) mappers.nextElement();
- if (map.length()== 0) {
- map.append(name);
+ if (map.length() == 0) {
+ map.append(name);
} else {
- map.append(",");
- map.append(name);
+ map.append(",");
+ map.append(name);
}
}
StringBuffer publish = new StringBuffer();
@@ -379,12 +377,11 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
IPublisherProcessor p_processor = mProcessor;
Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName
- );
+ );
impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
- } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)
- ) {
+ } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
IPublisherProcessor p_processor = mProcessor;
Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName);
@@ -408,13 +405,13 @@ public class PublisherAdminServlet extends AdminServlet {
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * from policy, authentication,
+ * need to add: listener, mapper and publishing plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -423,14 +420,14 @@ public class PublisherAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getLDAPDest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mAuth.getConfigStore();
@@ -482,25 +479,25 @@ public class PublisherAdminServlet extends AdminServlet {
params.add(name, value);
}
}
- params.add(Constants.PR_PUBLISHING_ENABLE,
- publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ params.add(Constants.PR_PUBLISHING_ENABLE,
+ publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
params.add(Constants.PR_PUBLISHING_QUEUE_THREADS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
params.add(Constants.PR_PUBLISHING_QUEUE_STATUS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
- params.add(Constants.PR_ENABLE,
- ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
+ params.add(Constants.PR_ENABLE,
+ ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
//Save New Settings to the config file
@@ -518,7 +515,7 @@ public class PublisherAdminServlet extends AdminServlet {
// need to disable the ldap module here
mProcessor.setLdapConnModule(null);
}
-
+
//set reset of the parameters
Enumeration e = req.getParameterNames();
String pwd = null;
@@ -536,9 +533,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
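Review bot: The skip list in this loop is a deny-list: `PR_BIND_PASSWD` is dropped and `PR_DIRECTORY_MANAGER_PWD` is diverted to `pwd`, but every other name from `req.getParameterNames()` appears to reach `ldap.putString(name, req.getParameter(name))` in the following hunk. Unless lines outside the hunk filter further, request-chosen keys can be written into the publishing config substore. An allow-list of the expected LDAP settings would be safer than enumerating names to skip, and it would keep any future password-bearing parameter out of the config file by default. The same loop is repeated in testSetLDAPDest (hunk at -656,9), and the loop starts and ends outside both hunks.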
@@ -567,7 +564,7 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
commit(true);
/* Do a "PUT" of the new pw to the watchdog"
@@ -580,27 +577,27 @@ public class PublisherAdminServlet extends AdminServlet {
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- }
+ /* we'll shut down and restart the PublisherProcessor instead
+ // what a hack to do this without require restart server
+ // ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+ ILdapConnModule connModule = mProcessor.getLdapConnModule();
+ ILdapAuthInfo authInfo = null;
+ if (connModule != null) {
+ authInfo = connModule.getLdapAuthInfo();
+ }
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-*/
+ // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ if (authInfo != null) {
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
+ authInfo.addPassword(prompt, pwd);
+ } else
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
+ */
try {
CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
@@ -618,7 +615,7 @@ public class PublisherAdminServlet extends AdminServlet {
}
private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
@@ -629,8 +626,8 @@ public class PublisherAdminServlet extends AdminServlet {
IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
//set enable flag
- publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
- req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+ publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+ req.getParameter(Constants.PR_PUBLISHING_ENABLE));
String ldapPublish = req.getParameter(Constants.PR_ENABLE);
ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
@@ -656,9 +653,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
@@ -687,22 +684,22 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
// test before commit
if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
- params.add("title",
- "You've attempted to configure CMS to connect" +
- " to a LDAP directory. The connection status is" +
- " as follows:\n \n");
+ ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
+ params.add("title",
+ "You've attempted to configure CMS to connect" +
+ " to a LDAP directory. The connection status is" +
+ " as follows:\n \n");
LDAPConnection conn = null;
ILdapConnInfo connInfo =
- CMS.getLdapConnInfo(ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPCONNINFO));
+ CMS.getLdapConnInfo(ldap.getSubStore(
+ ILdapBoundConnFactory.PROP_LDAPCONNINFO));
//LdapAuthInfo authInfo =
//new LdapAuthInfo(ldap.getSubStore(
// ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
- String host = connInfo.getHost();
+ String host = connInfo.getHost();
int port = connInfo.getPort();
boolean secure = connInfo.getSecure();
//int authType = authInfo.getAuthType();
@@ -720,51 +717,51 @@ public class PublisherAdminServlet extends AdminServlet {
conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
certNickName));
CMS.debug("Publishing Test certNickName=" + certNickName);
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection with certificate: " +
+ certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create ssl LDAPConnection with certificate: " +
+ certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
- params.add(Constants.PR_AUTH_OK,
- "Authentication: SSL client authentication" +
- dashes(70 - 41) + " Success" +
- "\nBind to the directory as: " + certNickName +
- dashes(70 - 26 - certNickName.length()) + " Success");
+ params.add(Constants.PR_CONN_OK,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: SSL client authentication" +
+ dashes(70 - 41) + " Success" +
+ "\nBind to the directory as: " + certNickName +
+ dashes(70 - 26 - certNickName.length()) + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure\n" +
- " error: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+ " Failure\n" +
+ " error: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+ " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -773,53 +770,53 @@ public class PublisherAdminServlet extends AdminServlet {
if (secure) {
conn = new LDAPConnection(
CMS.getLdapJssSSLSocketFactory());
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection" +
- dashes(70 - 25) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection" +
+ dashes(70 - 25) + " Success");
} else {
conn = new LDAPConnection();
- params.add(Constants.PR_CONN_INITED,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create LDAPConnection" +
+ dashes(70 - 21) + " Success");
}
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Failure\n" +
- "exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create LDAPConnection" +
+ dashes(70 - 21) + " Failure\n" +
+ "exception: " + ex);
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+ params.add(Constants.PR_CONN_OK,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nerror: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+ "\nerror: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nexception: " + ex);
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+ "\nexception: " + ex);
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -828,44 +825,42 @@ public class PublisherAdminServlet extends AdminServlet {
bindAs = ldap.getSubStore(
ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
conn.authenticate(version, bindAs, pwd);
- params.add(Constants.PR_AUTH_OK,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Success" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Success" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) + " Success");
} catch (LDAPException ex) {
- if (ex.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + "Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- "Failure" + "\nThe object doesn't exist. " +
- "Please correct the value assigned in the" +
- " \"Directory manager DN\" field.");
- } else if (ex.getLDAPResultCode() ==
- LDAPException.INVALID_CREDENTIALS) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure" + "\nInvalid password. " +
- "Please correct the value assigned in the" +
- " \"Password\" field.");
+ if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + "Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ "Failure" + "\nThe object doesn't exist. " +
+ "Please correct the value assigned in the" +
+ " \"Directory manager DN\" field.");
+ } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ " Failure" + "\nInvalid password. " +
+ "Please correct the value assigned in the" +
+ " \"Password\" field.");
} else {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure");
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
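Review bot: `conn.authenticate(version, bindAs, pwd)` is called without checking that `pwd` is non-empty; the later `pwd != null` test in this method suggests it can be null when the request carries no directory-manager password. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and return success, so the test would report `Authentication: Basic authentication ... Success` for credentials that were never verified. A guard before the call, `if (pwd == null || pwd.length() == 0)` that adds `PR_AUTH_FAIL` and `PR_SAVE_NOT` and returns, would close that gap. Separately, the `NO_SUCH_OBJECT` branch concatenates `"Failure"` without the leading space the other branches use. The enclosing try block and method begin outside the hunk.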
@@ -875,7 +870,7 @@ public class PublisherAdminServlet extends AdminServlet {
//commit(true);
if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- pwd != null) {
+ pwd != null) {
/* Do a "PUT" of the new pw to the watchdog"
** do not remove - cfu
@@ -886,28 +881,28 @@ public class PublisherAdminServlet extends AdminServlet {
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+
- prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " +
+ prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-*/
+ /* we'll shut down and restart the PublisherProcessor instead
+ // what a hack to do this without require restart server
+ // ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+ ILdapConnModule connModule = mProcessor.getLdapConnModule();
+ ILdapAuthInfo authInfo = null;
+ if (connModule != null) {
+ authInfo = connModule.getLdapAuthInfo();
+ } else
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
+
+ // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ if (authInfo != null) {
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
+ authInfo.addPassword(prompt, pwd);
+ } else
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
+ */
}
//params.add(Constants.PR_SAVE_OK,
// "\n \nConfiguration changes are now committed.");
@@ -921,7 +916,7 @@ public class PublisherAdminServlet extends AdminServlet {
if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
- if (!(authority instanceof ICertificateAuthority))
+ if (!(authority instanceof ICertificateAuthority))
return;
ICertificateAuthority ca = (ICertificateAuthority) authority;
@@ -929,26 +924,26 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mProcessor.publishCACert(ca.getCACert());
CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
- params.add("publishCA",
- "CA certificate is published.");
+ params.add("publishCA",
+ "CA certificate is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
- params.add("publishCA",
- "Failed to publish CA certificate.");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
+ params.add("publishCA",
+ "Failed to publish CA certificate.");
int index = ex.toString().indexOf("Failed to create CA");
if (index > -1) {
params.add("createError",
- ex.toString().substring(index));
+ ex.toString().substring(index));
}
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CA certificate won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "the CA certificate won't be published.\n" +
+ "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
@@ -958,65 +953,65 @@ public class PublisherAdminServlet extends AdminServlet {
CMS.debug("PublisherAdminServlet: about to update CRL");
ca.publishCRLNow();
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
- params.add("publishCRL",
- "CRL is published.");
+ params.add("publishCRL",
+ "CRL is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- "Could not publish crl " + ex.toString());
- params.add("publishCRL",
- "Failed to publish CRL.");
+ log(ILogger.LL_FAILURE,
+ "Could not publish crl " + ex.toString());
+ params.add("publishCRL",
+ "Failed to publish CRL.");
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CRL won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "the CRL won't be published.\n" +
+ "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
}
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
params.add("restarted", "Publishing is restarted.");
} else {
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
- params.add("stopped",
- "Publishing is stopped.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
+ params.add("stopped",
+ "Publishing is stopped.");
}
//XXX See if we can dynamically in B2
sendResponse(SUCCESS, null, params, resp);
}
- private synchronized void addMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getMapperPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
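Review bot: addMapperPlugin checks `id` only for null and for uniqueness before using it, whereas addMapperInst calls `isValidID(id)` right after its null check. If the plugin id ends up as a config-store key the same way (the rest of the method is outside the hunk, so this is an inference), the same guard belongs here after the null check: `if (!isValidID(id)) { sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; }`.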
@@ -1059,8 +1054,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1068,8 +1063,8 @@ public class PublisherAdminServlet extends AdminServlet {
MapperPlugin plugin = new MapperPlugin(id, classPath);
mProcessor.getMapperPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
NameValuePairs params = new NameValuePairs();
@@ -1087,27 +1082,27 @@ public class PublisherAdminServlet extends AdminServlet {
return true;
}
- private synchronized void addMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getMapperInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1122,13 +1117,13 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(
- implname);
+ (MapperPlugin) mProcessor.getMapperPlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -1145,11 +1140,11 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -1165,20 +1160,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1203,46 +1198,46 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add mapper instance to list.
mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_MAPPER_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listMapperPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listMapperPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getMapperPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- MapperPlugin value = (MapperPlugin)
- mProcessor.getMapperPlugins().get(name);
+ MapperPlugin value = (MapperPlugin)
+ mProcessor.getMapperPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapMapper lp = (ILdapMapper)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null,
+ resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
@@ -1261,8 +1256,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listMapperInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listMapperInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1278,25 +1273,25 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does a`mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1304,14 +1299,14 @@ public class PublisherAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ mProcessor.getMapperInstance(id);
mProcessor.getMapperInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -1321,39 +1316,38 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (mProcessor.getMapperPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this mapper
// DON'T remove mapper if any instance
- for (Enumeration e = mProcessor.getMapperInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
ILdapMapper mapper = mProcessor.getMapperInstance(name);
@@ -1362,15 +1356,15 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
}
-
+
// then delete this mapper
mProcessor.getMapperPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.mapper");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
@@ -1378,26 +1372,26 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getMapperConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getMapperConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1411,50 +1405,50 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getMapperInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getMapperInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ mProcessor.getMapperInstance(id);
Vector configParams = mapperInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_MAPPER_IMPL_NAME,
- getMapperPluginName(mapperInst));
+ params.add(Constants.PR_MAPPER_IMPL_NAME,
+ getMapperPluginName(mapperInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -1462,24 +1456,24 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getMapperInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1492,19 +1486,19 @@ public class PublisherAdminServlet extends AdminServlet {
}
// get plugin for implementation
MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
+ (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
ILdapMapper oldinst =
- (ILdapMapper) mProcessor.getMapperInstance(id);
+ (ILdapMapper) mProcessor.getMapperInstance(id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1516,7 +1510,7 @@ public class PublisherAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -1525,8 +1519,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() +
- ".publish.mapper");
+ mConfig.getSubStore(mAuth.getId() +
+ ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -1557,26 +1551,26 @@ public class PublisherAdminServlet extends AdminServlet {
ILdapMapper newMgrInst = null;
try {
- newMgrInst = (ILdapMapper)
+ newMgrInst = (ILdapMapper)
Class.forName(className).newInstance();
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
// initialize the mapper
@@ -1586,13 +1580,13 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// don't commit in this case and cleanup the new substore.
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(getLocale(req)), null,
- resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
return;
} catch (Throwable e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(), null,
- resp);
+ sendResponse(ERROR, e.toString(), null,
+ resp);
return;
}
@@ -1604,8 +1598,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1614,31 +1608,31 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the rule id unique?
if (mProcessor.getRulePlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
- null, resp);
+ new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
+ null, resp);
return;
}
@@ -1689,8 +1683,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1698,8 +1692,8 @@ public class PublisherAdminServlet extends AdminServlet {
RulePlugin plugin = new RulePlugin(id, classPath);
mProcessor.getRulePlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -1707,26 +1701,26 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getRuleInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1741,23 +1735,23 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(
- implname);
+ (RulePlugin) mProcessor.getRulePlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector configParams = mProcessor.getRuleDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId()
- + ".publish.rule");
+ mConfig.getSubStore(mAuth.getId()
+ + ".publish.rule");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -1767,13 +1761,13 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -1789,20 +1783,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1828,40 +1822,40 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mProcessor.getRuleInsts().put(id, ruleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_RULE_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listRulePlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listRulePlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getRulePlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- RulePlugin value = (RulePlugin)
- mProcessor.getRulePlugins().get(name);
+ RulePlugin value = (RulePlugin)
+ mProcessor.getRulePlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapRule lp = (ILdapRule)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
@@ -1872,8 +1866,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listRuleInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listRuleInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String insts = null;
@@ -1881,8 +1875,8 @@ public class PublisherAdminServlet extends AdminServlet {
for (; e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapRule value = (ILdapRule)
- mProcessor.getRuleInsts().get((Object) name);
+ ILdapRule value = (ILdapRule)
+ mProcessor.getRuleInsts().get((Object) name);
String enabled = value.enabled() ? "enabled" : "disabled";
params.add(name, value.getInstanceName() + ";visible;" + enabled);
@@ -1901,47 +1895,46 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void delRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does rule exist?
if (mProcessor.getRulePlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this rule
// DON'T remove rule if any instance
- for (Enumeration e = mProcessor.getRuleInsts().elements();
- e.hasMoreElements();) {
- ILdapRule rule = (ILdapRule)
- e.nextElement();
+ for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) {
+ ILdapRule rule = (ILdapRule)
+ e.nextElement();
if (id.equals(getRulePluginName(rule))) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this rule
mProcessor.getRulePlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".rule");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -1950,26 +1943,26 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1978,8 +1971,8 @@ public class PublisherAdminServlet extends AdminServlet {
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1987,14 +1980,14 @@ public class PublisherAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ mProcessor.getRuleInsts().get(id);
mProcessor.getRuleInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2004,24 +1997,24 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getRuleConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getRuleConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2035,50 +2028,50 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getRuleInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getRuleInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ mProcessor.getRuleInsts().get(id);
Vector configParams = ruleInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_RULE_IMPL_NAME,
- getRulePluginName(ruleInst));
+ params.add(Constants.PR_RULE_IMPL_NAME,
+ getRulePluginName(ruleInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -2086,23 +2079,23 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getRuleInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2116,20 +2109,20 @@ public class PublisherAdminServlet extends AdminServlet {
// get plugin for implementation
RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(implname);
+ (RulePlugin) mProcessor.getRulePlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- //new ERulePluginNotFound(implname).toString(getLocale(req)),
- "",
- null, resp);
+ //new ERulePluginNotFound(implname).toString(getLocale(req)),
+ "",
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- ILdapRule oldinst =
- (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
+ ILdapRule oldinst =
+ (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -2141,7 +2134,7 @@ public class PublisherAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -2150,8 +2143,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -2171,8 +2164,8 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(key);
if (val == null) {
- substore.put(key,
- kv.substring(index + 1));
+ substore.put(key,
+ kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
@@ -2192,20 +2185,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2232,8 +2225,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2241,40 +2234,40 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getRuleInsts().put(id, newRuleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getPublisherPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
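Review bot: addPublisherPlugin accepts the `RS_ID` request parameter after only a null test and a uniqueness test, while addPublisherInst further down also runs it through `isValidID(id)` before use. delPublisherPlugin passes the plugin id to `instancesConfig.removeSubStore(id)`, so it ends up as a config sub-store name and should meet the same character restrictions. Adding `if (!isValidID(id)) { sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; }` right after the null check would make the two paths agree. The method body continues past this hunk, so confirm no equivalent check exists further down before adding it.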
@@ -2318,8 +2311,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2327,8 +2320,8 @@ public class PublisherAdminServlet extends AdminServlet {
PublisherPlugin plugin = new PublisherPlugin(id, classPath);
mProcessor.getPublisherPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2336,28 +2329,28 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getPublisherInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2372,20 +2365,20 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(
- implname);
+ (PublisherPlugin) mProcessor.getPublisherPlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector configParams = mProcessor.getPublisherDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
@@ -2404,15 +2397,15 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
substore.put(kv, "");
} else {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
}
} else {
if (index == -1) {
substore.put(kv, val);
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -2429,20 +2422,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2467,16 +2460,16 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2485,8 +2478,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listPublisherPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listPublisherPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2494,15 +2487,15 @@ public class PublisherAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- PublisherPlugin value = (PublisherPlugin)
- mProcessor.getPublisherPlugins().get(name);
+ PublisherPlugin value = (PublisherPlugin)
+ mProcessor.getPublisherPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapPublisher lp = (ILdapPublisher)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
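Review bot: In listPublisherPlugins the cast to `ILdapPublisher` is applied only after `Class.forName(c).newInstance()` has already loaded, initialised and constructed whatever class the stored class path names. That path originates from the `PR_PUBLISHER_CLASS` request parameter read in addPublisherPlugin. Checking the type before instantiation keeps a listing call from running constructors of unrelated classes: `Class<? extends ILdapPublisher> cls = Class.forName(c, false, getClass().getClassLoader()).asSubclass(ILdapPublisher.class);` followed by `ILdapPublisher lp = cls.newInstance();`. Whether the class path is validated when the plugin is registered is not visible in these hunks. The body of the `catch (Exception exp)` block lies outside this one, so it is worth confirming the failure is at least logged rather than silently mapped to "unknown".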
@@ -2523,8 +2516,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listPublisherInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listPublisherInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2543,8 +2536,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2553,38 +2546,37 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does publisher exist?
if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this publisher
// DON'T remove publisher if any instance
- for (Enumeration e = mProcessor.getPublisherInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapPublisher publisher =
- mProcessor.getPublisherInstance(name);
+ ILdapPublisher publisher =
+ mProcessor.getPublisherInstance(name);
if (id.equals(getPublisherPluginName(publisher))) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this publisher
mProcessor.getPublisherPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -2593,8 +2585,8 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2602,8 +2594,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2612,8 +2604,8 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2622,8 +2614,8 @@ public class PublisherAdminServlet extends AdminServlet {
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -2636,7 +2628,7 @@ public class PublisherAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2646,8 +2638,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
@@ -2656,24 +2648,24 @@ public class PublisherAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this publishing subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this publishing subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2690,8 +2682,8 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2699,8 +2691,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -2708,34 +2700,34 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapPublisher publisherInst = (ILdapPublisher)
- mProcessor.getPublisherInstance(id);
+ mProcessor.getPublisherInstance(id);
Vector configParams = publisherInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_PUBLISHER_IMPL_NAME,
- getPublisherPluginName(publisherInst));
+ params.add(Constants.PR_PUBLISHER_IMPL_NAME,
+ getPublisherPluginName(publisherInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
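Review bot: The loop in getInstConfig calls `kv.substring(0, index)` without testing `index` for -1, so an instance parameter that contains no `=` raises StringIndexOutOfBoundsException and aborts the whole request. getConfig in this same file already handles that case with `if (index == -1) { params.add(kv, ""); } else { ... }`, and the same guard belongs here. The loops that fill `saveParams` in the rule and publisher modify paths show the same unguarded `indexOf('=')` / `substring` pair in their hunks, though their surrounding lines are not fully visible.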
@@ -2745,15 +2737,15 @@ public class PublisherAdminServlet extends AdminServlet {
/**
* Modify publisher instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
+ * This will actually create a new instance with new configuration
+ * parameters and replace the old instance, if the new instance
* created and initialized successfully.
* The old instance is left running. so this is very expensive.
* Restart of server recommended.
*/
- private synchronized void modPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -2762,15 +2754,15 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getPublisherInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2784,12 +2776,12 @@ public class PublisherAdminServlet extends AdminServlet {
// get plugin for implementation
PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
+ (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -2813,8 +2805,8 @@ public class PublisherAdminServlet extends AdminServlet {
pubType = "crl";
}
- saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ saveParams.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2824,7 +2816,7 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// get objects added and deleted
@@ -2859,9 +2851,9 @@ public class PublisherAdminServlet extends AdminServlet {
}
// process any changes to the ldap object class definitions
- if (pubType.equals("cacert")) {
+ if (pubType.equals("cacert")) {
processChangedOC(saveParams, substore, "caObjectClass");
- substore.put("pubtype", "cacert");
+ substore.put("pubtype", "cacert");
}
if (pubType.equals("crl")) {
@@ -2880,20 +2872,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2920,8 +2912,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2929,8 +2921,8 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -2941,51 +2933,54 @@ public class PublisherAdminServlet extends AdminServlet {
// convenience function - takes list1, list2. Returns what is in list1
// but not in list2
private String[] getExtras(String[] list1, String[] list2) {
- Vector <String> extras = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- boolean match=false;
- for (int j=0; j < list2.length; j++) {
- if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) extras.add(list1[i].trim());
- }
-
- return (String[])extras.toArray(new String[extras.size()]);
+ Vector<String> extras = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list2.length; j++) {
+ if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ extras.add(list1[i].trim());
+ }
+
+ return (String[]) extras.toArray(new String[extras.size()]);
}
// convenience function - takes list1, list2. Concatenates the two
// lists removing duplicates
private String[] joinLists(String[] list1, String[] list2) {
- Vector <String> sum = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- sum.add(list1[i]);
- }
-
- for (int i=0; i < list2.length; i++) {
- boolean match=false;
- for (int j=0; j < list1.length; j++) {
- if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) sum.add(list2[i].trim());
- }
-
- return (String[])sum.toArray(new String[sum.size()]);
+ Vector<String> sum = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ sum.add(list1[i]);
+ }
+
+ for (int i = 0; i < list2.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list1.length; j++) {
+ if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ sum.add(list2[i].trim());
+ }
+
+ return (String[]) sum.toArray(new String[sum.size()]);
}
// convenience funtion. Takes a string array and delimiter
// and returns a String with the concatenation
private static String join(String[] s, String delimiter) {
- if (s.length == 0) return "";
+ if (s.length == 0)
+ return "";
StringBuffer buffer = new StringBuffer(s[0]);
if (s.length > 1) {
- for (int i=1; i< s.length; i++) {
+ for (int i = 1; i < s.length; i++) {
buffer.append(delimiter).append(s[i].trim());
}
}
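Review bot: joinLists and join trim inconsistently: joinLists copies `list1[i]` untrimmed while trimming every `list2` entry it appends, and join seeds the buffer with `s[0]` untrimmed while trimming the remaining elements. The code in the next hunk builds these arrays with `split(",")`, so a value written as `a, b` can leave stray whitespace in whichever element lands first, and that ends up in the stored object-class list. Using `sum.add(list1[i].trim());` and `new StringBuffer(s[0].trim())` normalises all elements the same way. The comments above getExtras and joinLists should also state that matching is case-insensitive and ignores surrounding whitespace. join's body ends outside this hunk.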
@@ -3005,29 +3000,31 @@ public class PublisherAdminServlet extends AdminServlet {
oldAdded = saveParams.getValue(objName + "Added");
oldDeleted = saveParams.getValue(objName + "Deleted");
- if ((oldOC == null) || (newOC == null)) return;
- if (oldOC.equalsIgnoreCase(newOC)) return;
+ if ((oldOC == null) || (newOC == null))
+ return;
+ if (oldOC.equalsIgnoreCase(newOC))
+ return;
- String [] oldList = oldOC.split(",");
- String [] newList = newOC.split(",");
- String [] deletedList = getExtras(oldList, newList);
- String [] addedList = getExtras(newList, oldList);
+ String[] oldList = oldOC.split(",");
+ String[] newList = newOC.split(",");
+ String[] deletedList = getExtras(oldList, newList);
+ String[] addedList = getExtras(newList, oldList);
// CMS.debug("addedList = " + join(addedList, ","));
// CMS.debug("deletedList = " + join(deletedList, ","));
- if ((addedList.length ==0) && (deletedList.length == 0))
- return; // no changes
+ if ((addedList.length == 0) && (deletedList.length == 0))
+ return; // no changes
if (oldAdded != null) {
// CMS.debug("oldAdded is " + oldAdded);
- String [] oldAddedList = oldAdded.split(",");
+ String[] oldAddedList = oldAdded.split(",");
addedList = joinLists(addedList, oldAddedList);
}
if (oldDeleted != null) {
// CMS.debug("oldDeleted is " + oldDeleted);
- String [] oldDeletedList = oldDeleted.split(",");
+ String[] oldDeletedList = oldDeleted.split(",");
deletedList = joinLists(deletedList, oldDeletedList);
}
@@ -3046,8 +3043,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -3057,7 +3054,7 @@ public class PublisherAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
@@ -3078,7 +3075,7 @@ public class PublisherAdminServlet extends AdminServlet {
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM,
+ ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
index 35bbb91a..cbabe1fd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -36,13 +35,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequestListener;
-
/**
* A class representings an administration servlet for Registration
* Authority. This servlet is responsible to serve RA
* administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class RAAdminServlet extends AdminServlet {
@@ -94,7 +92,7 @@ public class RAAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
//get all operational flags
@@ -117,8 +115,8 @@ public class RAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
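Review bot: `mOp` and `mToken` are assigned inside `service()`, which is not synchronized, and the `m` prefix suggests they are instance fields of the servlet (their declarations are outside this hunk). If so, concurrent admin requests share them: a second request can overwrite `mOp` between `mOp = "read"` and `super.authorize(req)`, so the authorization decision may be taken for a different operation than the one this request goes on to perform. The `mOp = "modify"` branch in the next hunk has the same shape. Keep the operation and the returned token in locals, or pass the operation to the authorization call explicitly; until then a comment such as `// mOp/mToken are per-servlet state shared across request threads; authz must not depend on them` would at least record the hazard. `service()` continues beyond this hunk.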
@@ -144,8 +142,8 @@ public class RAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -157,7 +155,7 @@ public class RAAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
setNotificationReqCompConfig(req, resp);
return;
- }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
+ } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
setNotificationRevCompConfig(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
@@ -179,12 +177,12 @@ public class RAAdminServlet extends AdminServlet {
/*==========================================================
* private methods
*==========================================================*/
-
+
/*
* handle getting completion (cert issued) notification config info
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -203,19 +201,19 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, rc.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ rc.getString(PROP_ENABLED, Constants.FALSE));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
@@ -224,12 +222,12 @@ public class RAAdminServlet extends AdminServlet {
}
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
@@ -241,14 +239,14 @@ public class RAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -268,8 +266,8 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -278,11 +276,11 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -321,7 +319,7 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
//set rest of the parameters
Enumeration e = req.getParameterNames();
@@ -355,24 +353,24 @@ public class RAAdminServlet extends AdminServlet {
}
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
-
+
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
@@ -380,7 +378,7 @@ public class RAAdminServlet extends AdminServlet {
}
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
@@ -427,13 +425,13 @@ public class RAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
- // String nickname = raConfig.getString("certNickname", "");
+ // String nickname = raConfig.getString("certNickname", "");
if (isCAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("CA");
@@ -455,12 +453,12 @@ public class RAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ if (name.equals("nickName")) {
+ caConnectorConfig.putString(name, nickname);
+ continue;
+ }
+ */
caConnectorConfig.putString(name, req.getParameter(name));
}
}
@@ -528,7 +526,7 @@ public class RAAdminServlet extends AdminServlet {
//reading the RA general information
private void readGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -544,13 +542,13 @@ public class RAAdminServlet extends AdminServlet {
}
params.add(Constants.PR_EE_ENABLED, value);
*/
-
+
sendResponse(SUCCESS, null, params, resp);
}
//mdify RA General Information
private void modifyGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
/*
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
index 7605eb2e..36cc7100 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry;
/**
* This implements the administration servlet for registry subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class RegistryAdminServlet extends AdminServlet {
@@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "RegistryAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.registry.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
-
+
if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
if (op.equals(OpDef.OP_READ))
if (!readAuthorize(req, resp))
@@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet {
}
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
@@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet {
addImpl(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void addImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
- String scope = req.getParameter(Constants.OP_SCOPE);
+ String scope = req.getParameter(Constants.OP_SCOPE);
String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
String desc = req.getParameter(Constants.PR_POLICY_DESC);
@@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
try {
- mRegistry.addPluginInfo(scope, id, info);
+ mRegistry.addPluginInfo(scope, id, info);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
}
public void deleteImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
try {
- mRegistry.removePluginInfo(scope, id);
+ mRegistry.removePluginInfo(scope, id);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
@@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet {
* Lists all registered profile impementations
*/
public void listImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
Enumeration<String> impls = mRegistry.getIds(scope);
NameValuePairs nvp = new NameValuePairs();
while (impls.hasMoreElements()) {
- String id = impls.nextElement();
+ String id = impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo(scope, id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
- }
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getSupportedConstraintPolicies(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void getSupportedConstraintPolicies(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
@@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
String className = info.getClassName();
IPolicyDefault policyDefaultClass = (IPolicyDefault)
- Class.forName(className).newInstance();
+ Class.forName(className).newInstance();
if (policyDefaultClass != null) {
Enumeration<String> impls = mRegistry.getIds("constraintPolicy");
@@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo constraintInfo = mRegistry.getPluginInfo(
"constraintPolicy", constraintID);
IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
- Class.forName(constraintInfo.getClassName()).newInstance();
+ Class.forName(constraintInfo.getClassName()).newInstance();
CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
if (policyConstraintClass.isApplicable(policyDefaultClass)) {
CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName());
nvp.add(constraintID, constraintInfo.getClassName() + "," +
- constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
+ constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
}
}
}
@@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet {
}
public void getProfileImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
String className = info.getClassName();
@@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet {
if (names != null) {
while (names.hasMoreElements()) {
String name = names.nextElement();
- CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
+ CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
if (desc != null) {
- try {
- String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
-
- CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
- nvp.add(name, value);
- } catch (Exception e) {
-
- CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
- }
+ try {
+ String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
+ nvp.add(name, value);
+ } catch (Exception e) {
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
+ }
} else {
CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index fe8d1826..799638e8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -58,16 +57,15 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Cert;
-
/**
- * A class representing an administration servlet for
+ * A class representing an administration servlet for
* User/Group Manager. It communicates with client
* SDK to allow remote administration of User/Group
* manager.
- *
- * This servlet will be registered to remote
+ *
+ * This servlet will be registered to remote
* administration subsystem by usrgrp manager.
- *
+ *
* @version $Revision$, $Date$
*/
public class UsrGrpAdminServlet extends AdminServlet {
@@ -88,17 +86,16 @@ public class UsrGrpAdminServlet extends AdminServlet {
private final static String BACK_SLASH = "\\";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
private IUGSubsystem mMgr = null;
private IAuthzSubsystem mAuthz = null;
- private static String [] mMultiRoleGroupEnforceList = null;
- private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
+ private static String[] mMultiRoleGroupEnforceList = null;
+ private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
/**
* Constructs User/Group manager servlet.
*/
@@ -126,7 +123,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
* Serves incoming User/Group management request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -134,9 +131,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -148,7 +145,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ null, resp);
return;
}
@@ -181,30 +178,29 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
*/
-
try {
ISubsystem subsystem = CMS.getSubsystem("ca");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_CA_GROUP;
subsystem = CMS.getSubsystem("ra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_RA_GROUP;
subsystem = CMS.getSubsystem("kra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_KRA_GROUP;
subsystem = CMS.getSubsystem("ocsp");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_OCSP_GROUP;
subsystem = CMS.getSubsystem("tks");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_TKS_GROUP;
if (scope != null) {
if (scope.equals(ScopeDef.SC_USER_TYPE)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -216,8 +212,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -234,8 +230,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -252,8 +248,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -270,8 +266,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -285,8 +281,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -296,11 +292,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
findUsers(req, resp);
return;
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
}
@@ -308,21 +304,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
}
private void getUserType(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String id = super.getParameter(req, Constants.RS_ID);
IUser user = mMgr.getUser(id);
@@ -337,14 +333,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * Searches for users in LDAP directory. List uids only
- *
+ * Searches for users in LDAP directory. List uids only
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUsers(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findUsers(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -355,7 +351,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
e = mMgr.listUsers("*");
} catch (Exception ex) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -384,15 +380,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* List user information. Certificates covered in a separate
- * protocol for findUserCerts(). List of group memberships are
- * also provided.
- *
+ * protocol for findUserCerts(). List of group memberships are
+ * also provided.
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
//get id first
@@ -402,8 +398,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -416,7 +412,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -435,7 +431,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception ex) {
ex.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -445,7 +441,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
IGroup group = (IGroup) e.nextElement();
if (group.isMember(id) == true) {
- if (grpString.length()!=0) {
+ if (grpString.length() != 0) {
grpString.append(",");
}
grpString.append(group.getGroupID());
@@ -461,20 +457,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
/**
* List user certificate(s)
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUserCerts(HttpServletRequest req,
- HttpServletResponse resp, Locale clientLocale)
- throws ServletException,
+ private synchronized void findUserCerts(HttpServletRequest req,
+ HttpServletResponse resp, Locale clientLocale)
+ throws ServletException,
IOException, EBaseException {
//get id first
@@ -484,8 +480,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -498,7 +494,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
@@ -506,23 +502,23 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
X509Certificate[] certs =
- (X509Certificate[]) user.getX509Certificates();
+ (X509Certificate[]) user.getX509Certificates();
if (certs != null) {
for (int i = 0; i < certs.length; i++) {
ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
- // add base64 encoding
- String base64 = CMS.getEncodedCert(certs[i]);
-
+ // add base64 encoding
+ String base64 = CMS.getEncodedCert(certs[i]);
+
// pretty print certs
params.add(getCertificateString(certs[i]),
- print.toString(clientLocale) + "\n" + base64);
+ print.toString(clientLocale) + "\n" + base64);
}
sendResponse(SUCCESS, null, params, resp);
return;
@@ -542,18 +538,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
// note that it did not represent a certificate fully
return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
- ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
}
/**
* Searchess for groups in LDAP server
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
*/
- private synchronized void findGroups(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findGroups(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -584,11 +580,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* finds a group
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -599,8 +595,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -619,14 +615,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
params.add(Constants.PR_GROUP_GROUP, group.getGroupID());
params.add(Constants.PR_GROUP_DESC,
- group.getDescription());
+ group.getDescription());
Enumeration members = group.getMemberNames();
StringBuffer membersString = new StringBuffer();
if (members != null) {
while (members.hasMoreElements()) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -644,7 +640,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
return;
}
@@ -653,24 +649,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a new user to LDAP server
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
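Review bot: The rewrapped Javadoc for addUser now reads `Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin`, so the space left over from the old line break sits inside the URL and the reference cannot be followed as written. Join the two halves and keep the URL on its own comment line, presumably as ` * http://warp.mcom.com/server/certificate/columbo/design/ui/admin-protocol-definition.html#user-admin`. The Javadoc blocks for findUsers, findUser, findUserCerts, findGroups and findGroup in this file still split the same URL over two lines and would benefit from the same treatment. addUser's body continues outside the hunk.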
@@ -694,8 +688,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -713,8 +707,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
+ null, resp);
return;
}
@@ -732,8 +726,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
+ null, resp);
return;
}
@@ -756,7 +750,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
sendResponse(ERROR, msg, null, resp);
return;
- } else
+ } else
user.setFullName(fname);
String email = super.getParameter(req, Constants.PR_USER_EMAIL);
@@ -835,10 +829,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
-
+
if (e.hasMoreElements()) {
IGroup group = (IGroup) e.nextElement();
@@ -858,18 +852,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
}
// for audit log
SessionContext sContext = SessionContext.getContext();
String adminId = (String) sContext.get(SessionContext.USER_ID);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, id, groupName}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, id, groupName }
+ );
}
NameValuePairs params = new NameValuePairs();
@@ -899,10 +893,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (user.getUserID() == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
}
return;
} catch (LDAPException e) {
@@ -920,7 +914,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
@@ -935,7 +929,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -980,24 +974,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a certificate to a user
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1021,8 +1013,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1068,7 +1060,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
try {
CryptoManager manager = CryptoManager.getInstance();
-
+
PKCS7 pkcs7 = new PKCS7(p7Cert);
X509Certificate p7certs[] = pkcs7.getCertificates();
@@ -1084,7 +1076,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
// fix for 370099 - cert ordering can not be assumed
@@ -1095,7 +1087,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// the ordering
if (p7certs[0].getSubjectDN().toString().equals(
p7certs[0].getIssuerDN().toString()) &&
- (p7certs.length == 1)) {
+ (p7certs.length == 1)) {
certs[0] = p7certs[0];
CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
} else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
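Review bot: The `else if` branch reads `p7certs[1]` without a length check, so a PKCS#7 holding a single certificate that is not self-signed would raise ArrayIndexOutOfBoundsException here, unless a guard outside this hunk already rejects that input. Writing the condition as `} else if (p7certs.length > 1 && p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {` lets the remaining branches handle that case instead of an exception. The comparison is on DN strings only, which settles ordering but does not show that one certificate signed the other; a one-line comment saying so would prevent it being read as chain validation. addUserCert starts and ends outside this hunk.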
@@ -1119,7 +1111,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
@@ -1140,8 +1132,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
for (j = jBegin; j < jEnd; j++) {
CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN())));
org.mozilla.jss.crypto.X509Certificate leafCert =
- null;
-
+ null;
+
leafCert =
manager.importCACertPackage(p7certs[j].getEncoded());
@@ -1152,10 +1144,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
if (leafCert instanceof InternalCertificate) {
- ((InternalCertificate) leafCert).setSSLTrust(
- InternalCertificate.VALID_CA |
- InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA);
+ ((InternalCertificate) leafCert).setSSLTrust(
+ InternalCertificate.VALID_CA |
+ InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA);
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
String.valueOf(p7certs[j].getSubjectDN())));
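Review bot: The `setSSLTrust` call gives each imported chain certificate `VALID_CA | TRUSTED_CA | TRUSTED_CLIENT_CA` with no comment explaining why certificates that arrive alongside a user certificate should become trusted CAs for client authentication. Nothing in this hunk checks that the certificate is a CA certificate or that the issuer is one the deployment expects, though such a check may exist outside the hunk. At minimum the decision should be documented, for example `// chain certs from the submitted PKCS#7 are trusted as CA and client-CA; only reachable by callers authorized for user administration (confirm)`. If no earlier validation exists, a basic-constraints check before the call belongs here. The enclosing loop and method start and end outside this hunk.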
@@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
} catch (Exception e) {
@@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
return;
}
@@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
return;
} catch (CertificateNotYetValidException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
String.valueOf(certs[0].getSubjectDN())));
// store a message in the signed audit log file
@@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
return;
} catch (LDAPException e) {
@@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
- if (e.getLDAPResultCode() ==
- LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+ if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
}
return;
} catch (Exception e) {
@@ -1287,7 +1278,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -1332,28 +1323,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Removes a certificate for a user
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
- * In this method, "certDN" is actually a combination of version,
- * serialNumber, issuerDN, and SubjectDN.
+ *
+ * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1377,8 +1365,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1431,7 +1419,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -1474,29 +1462,27 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * removes a user. user not removed if belongs to any group
- * (Administrators should remove the user from "uniquemember" of
- * any group he/she belongs to before trying to remove the user
- * itself.
+ * removes a user. user not removed if belongs to any group
+ * (Administrators should remove the user from "uniquemember" of
+ * any group he/she belongs to before trying to remove the user
+ * itself.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void removeUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1528,8 +1514,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// get list of groups, and see if uid belongs to any
@@ -1570,8 +1556,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
+ null, resp);
return;
}
}
@@ -1604,7 +1590,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -1649,24 +1635,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a new group in local scope.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1691,8 +1675,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1743,8 +1727,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
+ null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -1789,24 +1773,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* removes a group
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void removeGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1831,8 +1813,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1892,27 +1874,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* modifies a group
* <P>
- *
- * last person of the super power group "Certificate
- * Server Administrators" can never be removed.
+ *
+ * last person of the super power group "Certificate Server Administrators" can never be removed.
* <P>
- *
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1937,8 +1917,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1968,7 +1948,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (multiRole) {
group.addMemberName(memberName);
} else {
- if( isGroupInMultiRoleEnforceList(groupName)) {
+ if (isGroupInMultiRoleEnforceList(groupName)) {
if (!isDuplicate(groupName, memberName)) {
group.addMemberName(memberName);
} else {
@@ -2019,8 +1999,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
+ null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -2062,36 +2042,35 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
}
- private boolean isGroupInMultiRoleEnforceList(String groupName)
- {
+ private boolean isGroupInMultiRoleEnforceList(String groupName) {
String groupList = null;
if (groupName == null || groupName.equals("")) {
return true;
}
if (mMultiRoleGroupEnforceList == null) {
- try {
- groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
- } catch (Exception e) {
- }
-
- if (groupList != null && !groupList.equals("")) {
- mMultiRoleGroupEnforceList = groupList.split(",");
- for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) {
- mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
- }
- }
- }
-
- if (mMultiRoleGroupEnforceList == null)
- return true;
-
- for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
- if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
- return true;
- }
- }
- return false;
+ try {
+ groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+ } catch (Exception e) {
+ }
+
+ if (groupList != null && !groupList.equals("")) {
+ mMultiRoleGroupEnforceList = groupList.split(",");
+ for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
+ mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
+ }
+ }
+ }
+
+ if (mMultiRoleGroupEnforceList == null)
+ return true;
+
+ for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
+ if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
+ return true;
+ }
+ }
+ return false;
}
private boolean isDuplicate(String groupName, String memberName) {
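Review bot: The empty `catch (Exception e) { }` around `mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST)` hides a failed configuration read: the list stays null and the method returns true for every group, which is the restrictive outcome but leaves no trace of why. Recording it, for example with `log(ILogger.LL_FAILURE, e.toString());` as other handlers in this file do, would make a misconfigured enforcement list visible. The same pattern appears in `isDuplicate` in the next hunk, where a failed `mMgr.isMemberOf(memberName, groupName)` leaves `isMember` false. How that value is used lies outside the hunk, but a lookup error in a role-separation check should be logged and not read as "not a member".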
@@ -2100,7 +2079,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// Let's not mess with users that are already a member of this group
boolean isMember = false;
try {
- isMember = mMgr.isMemberOf(memberName,groupName);
+ isMember = mMgr.isMemberOf(memberName, groupName);
} catch (Exception e) {
}
@@ -2134,24 +2113,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Modifies an existing user in local scope.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -2176,8 +2153,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2186,7 +2163,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
if ((fname == null) || (fname.length() == 0)) {
String msg =
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
log(ILogger.LL_FAILURE, msg);
@@ -2270,7 +2247,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -2316,6 +2293,6 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
- level, "UsrGrpAdminServlet: " + msg);
+ level, "UsrGrpAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 696b091e..d4b5495a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cms.servlet.common.Utils;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This is the base class of all CS servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class CMSServlet extends HttpServlet {
@@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet {
public final static String AUTHZ_CONFIG_STORE = "authz";
public final static String AUTHZ_SRC_XML = "web.xml";
public final static String PROP_AUTHZ_MGR = "AuthzMgr";
- public final static String PROP_ACL = "ACLinfo";
+ public final static String PROP_ACL = "ACLinfo";
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
private final static String FAILED = "1";
private final static String HDR_LANG = "accept-language";
-
+
// final error message - if error and exception templates don't work
// send out this text string directly to output.
public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
- public final static String FINAL_ERROR_MSG =
- "<HTML>\n" +
- "<BODY BGCOLOR=white>\n" +
- "<P>\n" +
- "The Certificate System has encountered " +
- "an unrecoverable error.\n" +
- "<P>\n" +
- "Error Message:<BR>\n" +
- "<I>$ERROR_MSG</I>\n" +
- "<P>\n" +
- "Please contact your local administrator for assistance.\n" +
- "</BODY>\n" +
- "</HTML>\n";
+ public final static String FINAL_ERROR_MSG =
+ "<HTML>\n" +
+ "<BODY BGCOLOR=white>\n" +
+ "<P>\n" +
+ "The Certificate System has encountered " +
+ "an unrecoverable error.\n" +
+ "<P>\n" +
+ "Error Message:<BR>\n" +
+ "<I>$ERROR_MSG</I>\n" +
+ "<P>\n" +
+ "Please contact your local administrator for assistance.\n" +
+ "</BODY>\n" +
+ "</HTML>\n";
// properties from configuration.
- protected final static String
- PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
- protected final static String
- UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
- protected final static String
- PROP_SUCCESS_TEMPLATE = "successTemplate";
- protected final static String
- SUCCESS_TEMPLATE = "/GenSuccess.template";
- protected final static String
- PROP_PENDING_TEMPLATE = "pendingTemplate";
- protected final static String
- PENDING_TEMPLATE = "/GenPending.template";
- protected final static String
- PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
- protected final static String
- SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
- protected final static String
- PROP_REJECTED_TEMPLATE = "rejectedTemplate";
- protected final static String
- REJECTED_TEMPLATE = "/GenRejected.template";
- protected final static String
- PROP_ERROR_TEMPLATE = "errorTemplate";
- protected final static String
- ERROR_TEMPLATE = "/GenError.template";
- protected final static String
- PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
- protected final static String
- EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
- private final static String
- PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
- protected final static String
- PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
- private final static String
- PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
- private final static String
- PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
- private final static String
- PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
- private final static String
- PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
- private final static String
- PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
+ protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
+ protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
+ protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
+ protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
+ protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
+ protected final static String PENDING_TEMPLATE = "/GenPending.template";
+ protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
+ protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
+ protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
+ protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
+ protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
+ protected final static String ERROR_TEMPLATE = "/GenError.template";
+ protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
+ protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
+
+ private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
+ protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
+ private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
+ private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
+ private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
+ private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
+ private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
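Review bot: `FINAL_ERROR_MSG` places the token inside markup (`<I>$ERROR_MSG</I>`), and nothing on the constant says the substituted text must be HTML-escaped. The code that replaces `ERROR_MSG_TOKEN` is outside this hunk, so whether it escapes cannot be seen here. If error text can carry request-derived values, unescaped substitution would put attacker-influenced markup into the response. A comment on the constant such as `// $ERROR_MSG is inserted into HTML; the value must be HTML-escaped before substitution` would state the contract for whoever maintains the substitution code.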
@@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet {
protected final static String ADMIN_GROUP = "Administrators";
// default http params NOT to save in request.(config values added to list )
- private static final String
- PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
- private static final String[]
- DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
+ private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
+ private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
"challengePassword", "confirmChallengePassword" };
// default http headers to save in request. (config values added to list)
- private static final String
- PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
- private static final String[]
- SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
+ private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
+ private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
// request prefixes to distinguish from other request attributes.
- public static final String
- PFX_HTTP_HEADER = "HTTP_HEADER";
- public static final String
- PFX_HTTP_PARAM = "HTTP_PARAM";
- public static final String
- PFX_AUTH_TOKEN = "AUTH_TOKEN";
+ public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
+ public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
+ public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
/* input http params */
protected final static String AUTHMGR_PARAM = "authenticator";
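Review bot: `DONT_SAVE_HTTP_PARAMS` is a deny-list of exact parameter names, so a secret-bearing parameter that is not listed (a PIN field, for instance) would presumably be stored with the request unless it is added through the `dontSaveHttpParams` setting. How names are matched (case sensitivity, partial names) is outside this hunk. A comment on the array, for example `// deny-list only: every new secret-bearing parameter must be added here or via dontSaveHttpParams`, would make that maintenance duty explicit to authors of new authentication plugins.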
@@ -232,8 +203,8 @@ public abstract class CMSServlet extends HttpServlet {
/* fixed credential passed to auth managers */
protected final static String CERT_AUTH_CRED = "sslClientCert";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
// members.
@@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet {
protected ServletConfig mServletConfig = null;
protected ServletContext mServletContext = null;
- private CMSFileLoader mFileLoader = null;
+ private CMSFileLoader mFileLoader = null;
protected Vector<String> mDontSaveHttpParams = new Vector<String>();
protected Vector<String> mSaveHttpHeaders = new Vector<String>();
@@ -258,7 +229,7 @@ public abstract class CMSServlet extends HttpServlet {
// system logger.
protected ILogger mLogger = CMS.getLogger();
protected int mLogCategory = ILogger.S_OTHER;
- private MessageDigest mSHADigest = null;
+ private MessageDigest mSHADigest = null;
protected String mGetClientCert = "false";
protected String mAuthMgr = null;
@@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected String mOutputTemplatePath = null;
private IUGSubsystem mUG = (IUGSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ CMS.getSubsystem(CMS.SUBSYSTEM_UG);
private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public CMSServlet() {
}
@@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet {
if (mAuthority != null)
mRequestQueue = mAuthority.getRequestQueue();
- // set default templates.
+ // set default templates.
setDefaultTemplates(sc);
// for logging to the right authority category.
if (mAuthority == null) {
mLogCategory = ILogger.S_OTHER;
} else {
- if (mAuthority instanceof ICertificateAuthority)
+ if (mAuthority instanceof ICertificateAuthority)
mLogCategory = ILogger.S_CA;
- else if (mAuthority instanceof IRegistrationAuthority)
+ else if (mAuthority instanceof IRegistrationAuthority)
mLogCategory = ILogger.S_RA;
- else if (mAuthority instanceof IKeyRecoveryAuthority)
+ else if (mAuthority instanceof IKeyRecoveryAuthority)
mLogCategory = ILogger.S_KRA;
- else
+ else
mLogCategory = ILogger.S_OTHER;
}
try {
// get final error message.
// used when templates can't even be loaded.
- String eMsg =
- sc.getInitParameter(PROP_FINAL_ERROR_MSG);
+ String eMsg =
+ sc.getInitParameter(PROP_FINAL_ERROR_MSG);
if (eMsg != null)
mFinalErrorMsg = eMsg;
- // get any configured templates.
+ // get any configured templates.
Enumeration<CMSLoadTemplate> templs = mTemplates.elements();
while (templs.hasMoreElements()) {
@@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet {
if (templ == null || templ.mPropName == null) {
continue;
}
- String tName =
- sc.getInitParameter(templ.mPropName);
+ String tName =
+ sc.getInitParameter(templ.mPropName);
if (tName != null)
templ.mTemplateName = tName;
- String fillerName =
- sc.getInitParameter(templ.mFillerPropName);
+ String fillerName =
+ sc.getInitParameter(templ.mFillerPropName);
if (fillerName != null) {
ICMSTemplateFiller filler = newFillerObject(fillerName);
@@ -385,26 +356,26 @@ public abstract class CMSServlet extends HttpServlet {
getSaveHttpHeaders(sc);
} catch (Exception e) {
// should never occur since we provide defaults above.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
}
-
+
public String getId() {
return mId;
}
-
+
public String getAuthMgr() {
return mAuthMgr;
}
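Review bot: Both catch blocks in this hunk build the `ServletException` from `e.toString()` alone, so the original stack trace is lost when servlet initialisation fails. The `NoSuchAlgorithmException` handler also logs under `CMSGW_ERR_CONF_TEMP_PARAMS`, the template-parameter message. Chaining the cause keeps the trace: `throw new ServletException(e.toString(), e);`. What `mSHADigest` is used for is outside the hunk; if it protects anything integrity-sensitive, the choice of SHA-1 should be reviewed there. The enclosing method starts outside the hunk.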
@@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet {
return false;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
- CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
+ public void outputHttpParameters(HttpServletRequest httpReq) {
+ CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
Enumeration<?> paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.startsWith("p12Password") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.startsWith("p12Password") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
- public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest httpReq,
+ HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
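Review bot: The name filter in `outputHttpParameters` is case-sensitive in its `endsWith("password")`, `endsWith("passwd")`, `endsWith("pwd")` and `startsWith("p12Password")` tests. A parameter such as `newPassword` or `userPwd` (constructed examples) therefore falls through to the `else` branch, and its value is written to the debug log in clear. Lower-casing the name once and testing that copy closes the gap: `String lpn = pn.toLowerCase(Locale.ENGLISH);` followed by `lpn.endsWith("password")` and so on. The name and value are also concatenated into the log line as received; unless `CMS.debug` already neutralises CR/LF, which is not visible here, they should be stripped before logging. `service()` continues outside the hunk.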
@@ -473,7 +443,7 @@ public abstract class CMSServlet extends HttpServlet {
httpReq.setCharacterEncoding("UTF-8");
if (CMS.debugOn()) {
- outputHttpParameters(httpReq);
+ outputHttpParameters(httpReq);
}
CMS.debug("CMSServlet: " + mId + " start to service.");
String className = this.getClass().getName();
@@ -482,7 +452,7 @@ public abstract class CMSServlet extends HttpServlet {
CMSRequest cmsRequest = newCMSRequest();
// set argblock
- cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq)));
+ cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq)));
// set http request
cmsRequest.setHttpReq(httpReq);
@@ -516,14 +486,14 @@ public abstract class CMSServlet extends HttpServlet {
renderResult(cmsRequest);
SessionContext.releaseContext();
return;
- }
+ }
long startTime = CMS.getCurrentDate().getTime();
process(cmsRequest);
renderResult(cmsRequest);
Date endDate = CMS.getCurrentDate();
long endTime = endDate.getTime();
if (CMS.debugOn()) {
- CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
+ CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
}
iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
} catch (EBaseException e) {
@@ -551,8 +521,9 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Create a new CMSRequest object. This should be overriden by servlets
- * implementing different types of request
- * @return a new CMSRequest object
+ * implementing different types of request
+ *
+ * @return a new CMSRequest object
*/
protected CMSRequest newCMSRequest() {
return new CMSRequest();
@@ -560,30 +531,29 @@ public abstract class CMSServlet extends HttpServlet {
/**
* process an HTTP request. Servlets must override this with their
- * own implementation
- * @throws EBaseException if the servlet was unable to satisfactorily
- * process the request
+ * own implementation
+ *
+ * @throws EBaseException if the servlet was unable to satisfactorily
+ * process the request
*/
- protected void process(CMSRequest cmsRequest)
- throws EBaseException
- {
+ protected void process(CMSRequest cmsRequest)
+ throws EBaseException {
}
-
/**
- * Output a template.
+ * Output a template.
* If an error occurs while outputing the template the exception template
* is used to display the error.
*
* @param cmsReq the CS request
*/
protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ throws IOException {
if (!mRenderResult)
return;
Integer status = cmsReq.getStatus();
-
+
CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status);
if (ltempl == null || ltempl.mTemplateName == null) {
@@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet {
renderTemplate(cmsReq, ltempl.mTemplateName, filler);
}
-
+
private static final String PRESERVED = "preserved";
public static final String TEMPLATE_NAME = "templateName";
-
+
protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
- String argBlockName, IArgBlock argBlock)
- {
+ String argBlockName, IArgBlock argBlock) {
Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
if (argBlock != null) {
@@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params)
- {
+ protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) {
XMLObject xmlObj = null;
try {
xmlObj = new XMLObject();
Node root = xmlObj.createRoot("xml");
outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
- outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
+ outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
Enumeration<IArgBlock> records = params.queryRecords();
Node recordsNode = xmlObj.createContainer(root, "records");
@@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet {
}
protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {
try {
IArgBlock httpParams = cmsReq.getHttpParams();
Locale[] locale = new Locale[1];
CMSTemplate template =
- getTemplate(templateName, cmsReq.getHttpReq(), locale);
+ getTemplate(templateName, cmsReq.getHttpReq(), locale);
CMSTemplateParams templateParams = null;
if (filler != null) {
@@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet {
}
if (httpParams != null) {
- String httpTemplateName =
- httpParams.getValueAsString(
- TEMPLATE_NAME, null);
+ String httpTemplateName =
+ httpParams.getValueAsString(
+ TEMPLATE_NAME, null);
if (httpTemplateName != null) {
templateName = httpTemplateName;
}
}
- if (templateParams == null)
+ if (templateParams == null)
templateParams = new CMSTemplateParams(null, null);
- // #359630
- // inject preserved http parameter into the template
+ // #359630
+ // inject preserved http parameter into the template
if (httpParams != null) {
String preserved = httpParams.getValueAsString(
PRESERVED, null);
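Review bot: `templateName` is overwritten with the request's `TEMPLATE_NAME` parameter with no validation visible in this hunk, and the `getTemplate` hunk further down passes it to `getRealPath("/" + templateName)`. The client therefore influences which file is loaded and rendered as a template. Whether `getRealPath`, `getLangFile` or the file loader confine the path is not visible here; the override should be accepted only when it matches a template name the servlet is configured with, and rejected otherwise. At minimum a comment such as `// templateName is request-controlled from here on; validate before getTemplate()` belongs above the assignment. `renderTemplate` begins and ends outside the hunk.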
@@ -704,32 +672,33 @@ public abstract class CMSServlet extends HttpServlet {
cmsReq.getHttpResp().setContentLength(bos.size());
bos.writeTo(cmsReq.getHttpResp().getOutputStream());
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
- renderException(cmsReq,
- new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
+ renderException(cmsReq,
+ new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
return;
}
}
/**
- * Output exception (unexpected error) template
+ * Output exception (unexpected error) template
* This is different from other templates in that if an exception occurs
- * while rendering the exception a message is printed out directly.
- * If the message gets an error an IOException is thrown.
- * In others if an exception occurs while rendering the template the
- * exception template (this) is called.
+ * while rendering the exception a message is printed out directly.
+ * If the message gets an error an IOException is thrown.
+ * In others if an exception occurs while rendering the template the
+ * exception template (this) is called.
* <p>
+ *
* @param cmsReq the CS request to pass to template filler if any.
* @param e the unexpected exception
*/
- protected void renderException(CMSRequest cmsReq, EBaseException e)
- throws IOException {
+ protected void renderException(CMSRequest cmsReq, EBaseException e)
+ throws IOException {
try {
Locale[] locale = new Locale[1];
- CMSLoadTemplate loadTempl =
- (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
- CMSTemplate template = getTemplate(loadTempl.mTemplateName,
+ CMSLoadTemplate loadTempl =
+ (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
+ CMSTemplate template = getTemplate(loadTempl.mTemplateName,
cmsReq.getHttpReq(), locale);
ICMSTemplateFiller filler = loadTempl.mFiller;
CMSTemplateParams templateParams = null;
@@ -749,7 +718,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if (e != null) {
templateParams.getFixed().set(
- ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
+ ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
}
// just output arg blocks as XML
@@ -772,25 +741,25 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- public void renderFinalError(CMSRequest cmsReq, Exception ex)
- throws IOException {
+ public void renderFinalError(CMSRequest cmsReq, Exception ex)
+ throws IOException {
// this template is the last resort for all other unexpected
// errors in other templates so we can only output text.
HttpServletResponse httpResp = cmsReq.getHttpResp();
httpResp.setContentType("text/html");
ServletOutputStream out = httpResp.getOutputStream();
-
+
// replace $ERRORMSG with exception message if included.
String finalErrMsg = mFinalErrorMsg;
int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
if (tokenIdx != -1) {
- finalErrMsg =
+ finalErrMsg =
mFinalErrorMsg.substring(0, tokenIdx) +
- ex.toString() +
- mFinalErrorMsg.substring(
- tokenIdx + ERROR_MSG_TOKEN.length());
+ ex.toString() +
+ mFinalErrorMsg.substring(
+ tokenIdx + ERROR_MSG_TOKEN.length());
}
out.println(finalErrMsg);
return;
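Review bot: `renderFinalError` substitutes `ex.toString()` into `mFinalErrorMsg` and prints it with content type `text/html` without HTML-encoding. Any request-derived text in the exception message is reflected as markup, and internal detail such as class names reaches the client. Encode `<`, `>`, `&` and quotes in the exception text before the substitution, or emit a generic message and keep the detail in the server log. The method's closing brace is outside the hunk.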
@@ -822,12 +791,12 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * construct a authentication credentials to pass into authentication
+ * construct a authentication credentials to pass into authentication
* manager.
*/
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -837,8 +806,8 @@ public abstract class CMSServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -854,19 +823,19 @@ public abstract class CMSServlet extends HttpServlet {
/**
* get ssl client authenticated certificate
*/
- protected X509Certificate
- getSSLClientCertificate(HttpServletRequest httpReq)
- throws EBaseException {
+ protected X509Certificate
+ getSSLClientCertificate(HttpServletRequest httpReq)
+ throws EBaseException {
X509Certificate cert = null;
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
// iws60 support Java Servlet Spec V2.2, attribute
// javax.servlet.request.X509Certificate now contains array
// of X509Certificates instead of one X509Certificate object
- X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
+ X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
throw new EBaseException("You did not provide a valid certificate for this operation");
@@ -876,10 +845,10 @@ public abstract class CMSServlet extends HttpServlet {
if (cert == null) {
// just don't have a cert.
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
return null;
- }
+ }
// convert to sun's x509 cert interface.
try {
@@ -888,53 +857,53 @@ public abstract class CMSServlet extends HttpServlet {
cert = new X509CertImpl(certEncoded);
} catch (CertificateEncodingException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
return null;
} catch (CertificateException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
return null;
}
- return cert;
+ return cert;
}
/**
* get a template based on result status.
*/
protected CMSTemplate getTemplate(
- String templateName, HttpServletRequest httpReq, Locale[] locale)
- throws EBaseException, IOException {
+ String templateName, HttpServletRequest httpReq, Locale[] locale)
+ throws EBaseException, IOException {
// this converts to system dependent file seperator char.
if (mServletConfig == null) {
- CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" );
+ CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
return null;
}
if (mServletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath =
+ mServletConfig.getServletContext().getRealPath("/" + templateName);
if (realpath == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
+ File templateFile =
+ getLangFile(httpReq, realpathFile, locale);
String charSet = httpReq.getCharacterEncoding();
if (charSet == null) {
charSet = "UTF8";
}
- CMSTemplate template =
- (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
+ CMSTemplate template =
+ (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
return template;
}
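Review bot: The two guards `if (mServletConfig.getServletContext() == null) { }` and `if (templateName == null) { }` in `getTemplate` have empty bodies. A null context is still dereferenced by the `getRealPath` call, and a null name is resolved as the literal path `/null`. Failing the same way as the `realpath == null` branch is clearer: `if (templateName == null) throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));`, with the equivalent for the context check. `getSSLClientCertificate`, whose tail opens this hunk, starts outside it.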
@@ -943,13 +912,13 @@ public abstract class CMSServlet extends HttpServlet {
* log according to authority category.
*/
protected void log(int event, int level, String msg) {
- mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(event, mLogCategory, level,
+ "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
+ "Servlet " + mId + ": " + msg);
}
/**
@@ -965,8 +934,8 @@ public abstract class CMSServlet extends HttpServlet {
dontSaveParams = sc.getInitParameter(
PROP_DONT_SAVE_HTTP_PARAMS);
if (dontSaveParams != null) {
- StringTokenizer params =
- new StringTokenizer(dontSaveParams, ",");
+ StringTokenizer params =
+ new StringTokenizer(dontSaveParams, ",");
while (params.hasMoreTokens()) {
String param = params.nextToken();
@@ -976,8 +945,8 @@ public abstract class CMSServlet extends HttpServlet {
}
} catch (Exception e) {
// should never happen
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
// default just in case.
for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
@@ -997,12 +966,12 @@ public abstract class CMSServlet extends HttpServlet {
}
// now get from config file if there's more.
- String saveHeaders =
- sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
+ String saveHeaders =
+ sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
- if (saveHeaders != null) {
- StringTokenizer headers =
- new StringTokenizer(saveHeaders, ",");
+ if (saveHeaders != null) {
+ StringTokenizer headers =
+ new StringTokenizer(saveHeaders, ",");
while (headers.hasMoreTokens()) {
String hdr = headers.nextToken();
@@ -1021,8 +990,8 @@ public abstract class CMSServlet extends HttpServlet {
* save http headers in a IRequest.
*/
protected void saveHttpHeaders(
- HttpServletRequest httpReq, IRequest req)
- throws EBaseException {
+ HttpServletRequest httpReq, IRequest req)
+ throws EBaseException {
Hashtable<String, String> headers = new Hashtable<String, String>();
Enumeration<String> hdrs = mSaveHttpHeaders.elements();
@@ -1041,7 +1010,7 @@ public abstract class CMSServlet extends HttpServlet {
* save http headers in a IRequest.
*/
protected void saveHttpParams(
- IArgBlock httpParams, IRequest req) {
+ IArgBlock httpParams, IRequest req) {
Hashtable<String, String> saveParams = new Hashtable<String, String>();
Enumeration<String> names = httpParams.elements();
@@ -1075,14 +1044,14 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting a cert record given a serial number.
*/
protected ICertRecord getCertRecord(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
+ if (mAuthority == null ||
+ !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb =
+ (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
if (certdb == null) {
log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1093,8 +1062,8 @@ public abstract class CMSServlet extends HttpServlet {
try {
certRecord = certdb.readCertificateRecord(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
return null;
}
return certRecord;
@@ -1126,18 +1095,18 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * handy routine for getting a certificate from the certificate
+ * handy routine for getting a certificate from the certificate
* repository. mAuthority must be a CA.
*/
protected X509Certificate getX509Certificate(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
+ if (mAuthority == null ||
+ !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb =
+ (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
if (certdb == null) {
log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1148,15 +1117,16 @@ public abstract class CMSServlet extends HttpServlet {
try {
cert = certdb.getX509Certificate(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
return null;
}
return cert;
}
/**
- * instantiate a new filler from a class name,
+ * instantiate a new filler from a class name,
+ *
* @return null if can't be instantiated, new instance otherwise.
*/
protected ICMSTemplateFiller newFillerObject(String fillerClass) {
@@ -1169,8 +1139,8 @@ public abstract class CMSServlet extends HttpServlet {
if ((e instanceof RuntimeException)) {
throw (RuntimeException) e;
} else {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
return null;
}
}
@@ -1178,8 +1148,8 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * set default templates.
- * subclasses can override, and should override at least the success
+ * set default templates.
+ * subclasses can override, and should override at least the success
* template
*/
protected void setDefaultTemplates(ServletConfig sc) {
@@ -1211,16 +1181,16 @@ public abstract class CMSServlet extends HttpServlet {
successTemplate = SUCCESS_TEMPLATE;
if (gateway != null)
//successTemplate = "/"+gateway+successTemplate;
- successTemplate = "/"+gateway+successTemplate;
+ successTemplate = "/" + gateway + successTemplate;
}
errorTemplate = sc.getInitParameter(
PROP_ERROR_TEMPLATE);
if (errorTemplate == null) {
errorTemplate = ERROR_TEMPLATE;
- if (gateway != null)
+ if (gateway != null)
//errorTemplate = "/"+gateway+errorTemplate;
- errorTemplate = "/"+gateway+errorTemplate;
+ errorTemplate = "/" + gateway + errorTemplate;
}
unauthorizedTemplate = sc.getInitParameter(
@@ -1229,7 +1199,7 @@ public abstract class CMSServlet extends HttpServlet {
unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
if (gateway != null)
//unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
- unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+ unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
}
pendingTemplate = sc.getInitParameter(
@@ -1238,7 +1208,7 @@ public abstract class CMSServlet extends HttpServlet {
pendingTemplate = PENDING_TEMPLATE;
if (gateway != null)
//pendingTemplate = "/"+gateway+pendingTemplate;
- pendingTemplate = "/"+gateway+pendingTemplate;
+ pendingTemplate = "/" + gateway + pendingTemplate;
}
svcpendingTemplate = sc.getInitParameter(
@@ -1247,7 +1217,7 @@ public abstract class CMSServlet extends HttpServlet {
svcpendingTemplate = SVC_PENDING_TEMPLATE;
if (gateway != null)
//svcpendingTemplate = "/"+gateway+svcpendingTemplate;
- svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+ svcpendingTemplate = "/" + gateway + svcpendingTemplate;
}
rejectedTemplate = sc.getInitParameter(
@@ -1256,7 +1226,7 @@ public abstract class CMSServlet extends HttpServlet {
rejectedTemplate = REJECTED_TEMPLATE;
if (gateway != null)
//rejectedTemplate = "/"+gateway+rejectedTemplate;
- rejectedTemplate = "/"+gateway+rejectedTemplate;
+ rejectedTemplate = "/" + gateway + rejectedTemplate;
}
unexpectedErrorTemplate = sc.getInitParameter(
@@ -1265,50 +1235,50 @@ public abstract class CMSServlet extends HttpServlet {
unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
if (gateway != null)
//unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
- unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
+ unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate;
}
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
mTemplates.put(
- CMSRequest.UNAUTHORIZED,
- new CMSLoadTemplate(
- PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
- unauthorizedTemplate, null));
+ CMSRequest.UNAUTHORIZED,
+ new CMSLoadTemplate(
+ PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
+ unauthorizedTemplate, null));
mTemplates.put(
- CMSRequest.SUCCESS,
- new CMSLoadTemplate(
- PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
- successTemplate, new GenSuccessTemplateFiller()));
+ CMSRequest.SUCCESS,
+ new CMSLoadTemplate(
+ PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
+ successTemplate, new GenSuccessTemplateFiller()));
mTemplates.put(
- CMSRequest.PENDING,
- new CMSLoadTemplate(
- PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
- pendingTemplate, new GenPendingTemplateFiller()));
+ CMSRequest.PENDING,
+ new CMSLoadTemplate(
+ PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
+ pendingTemplate, new GenPendingTemplateFiller()));
mTemplates.put(
- CMSRequest.SVC_PENDING,
- new CMSLoadTemplate(
- PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
- svcpendingTemplate, new GenSvcPendingTemplateFiller()));
+ CMSRequest.SVC_PENDING,
+ new CMSLoadTemplate(
+ PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
+ svcpendingTemplate, new GenSvcPendingTemplateFiller()));
mTemplates.put(
- CMSRequest.REJECTED,
- new CMSLoadTemplate(
- PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
- rejectedTemplate, new GenRejectedTemplateFiller()));
+ CMSRequest.REJECTED,
+ new CMSLoadTemplate(
+ PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
+ rejectedTemplate, new GenRejectedTemplateFiller()));
mTemplates.put(
- CMSRequest.ERROR,
- new CMSLoadTemplate(
- PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
- errorTemplate, new GenErrorTemplateFiller()));
+ CMSRequest.ERROR,
+ new CMSLoadTemplate(
+ PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
+ errorTemplate, new GenErrorTemplateFiller()));
mTemplates.put(
- CMSRequest.EXCEPTION,
- new CMSLoadTemplate(
- PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
- unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
+ CMSRequest.EXCEPTION,
+ new CMSLoadTemplate(
+ PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
+ unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
}
/**
@@ -1317,8 +1287,8 @@ public abstract class CMSServlet extends HttpServlet {
public static boolean clientIsNav(HttpServletRequest httpReq) {
String useragent = httpReq.getHeader("user-agent");
- if (useragent.startsWith("Mozilla") &&
- useragent.indexOf("MSIE") == -1)
+ if (useragent.startsWith("Mozilla") &&
+ useragent.indexOf("MSIE") == -1)
return true;
return false;
}
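Review bot: `clientIsNav` calls `useragent.startsWith("Mozilla")` on the result of `httpReq.getHeader("user-agent")`, which is null when the client sends no User-Agent header, so such a request raises a `NullPointerException`. Guard the dereference: `if (useragent != null && useragent.startsWith("Mozilla") &&`. The callers are outside the hunk, so whether this is reachable before authentication is not visible here.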
@@ -1339,10 +1309,11 @@ public abstract class CMSServlet extends HttpServlet {
* set using cartman JS. (no other way to tell)
*/
private static String CMMF_RESPONSE = "cmmfResponse";
+
public static boolean doCMMFResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
return true;
- else
+ else
return false;
}
@@ -1350,29 +1321,24 @@ public abstract class CMSServlet extends HttpServlet {
private static final String IMPORT_CHAIN = "importCAChain";
private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
// default mime type
- private static final String
- NS_X509_USER_CERT = "application/x-x509-user-cert";
- private static final String
- NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
+ private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
+ private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
// CMC mime types
- public static final String
- SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
- public static final String
- SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
+ public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
/**
* handy routine to check if client want full enrollment response
*/
public static String FULL_RESPONSE = "fullResponse";
+
public static boolean doFullResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
return true;
- else
+ else
return false;
}
@@ -1381,19 +1347,19 @@ public abstract class CMSServlet extends HttpServlet {
* @return true if import cert directly is true and import cert.
*/
protected boolean checkImportCertToNav(
- HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
- throws EBaseException {
+ HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
+ throws EBaseException {
if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
return false;
}
boolean importCAChain =
- httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
+ httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
// XXX Temporary workaround because of problem with passing Mime type
boolean emailCert =
- httpParams.getValueAsBoolean("emailCert", false);
+ httpParams.getValueAsBoolean("emailCert", false);
String importMimeType = (emailCert) ?
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+ httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
+ httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
// String importMimeType =
// httpParams.getValueAsString(
@@ -1406,17 +1372,17 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine to import cert to old navigator in nav mime type.
*/
public void importCertToNav(
- HttpServletResponse httpResp, X509CertImpl cert,
- String contentType, boolean importCAChain)
- throws EBaseException {
+ HttpServletResponse httpResp, X509CertImpl cert,
+ String contentType, boolean importCAChain)
+ throws EBaseException {
ServletOutputStream out = null;
byte[] encoding = null;
- CMS.debug("CMSServlet: importCertToNav " +
- "contentType=" + contentType + " " +
+ CMS.debug("CMSServlet: importCertToNav " +
+ "contentType=" + contentType + " " +
"importCAChain=" + importCAChain);
- try {
- out = httpResp.getOutputStream();
+ try {
+ out = httpResp.getOutputStream();
// CA chain.
if (importCAChain) {
CertificateChain caChain = null;
@@ -1427,8 +1393,8 @@ public abstract class CMSServlet extends HttpServlet {
caCerts = caChain.getChain();
// set user + CA cert chain in pkcs7
- X509CertImpl[] userChain =
- new X509CertImpl[caCerts.length + 1];
+ X509CertImpl[] userChain =
+ new X509CertImpl[caCerts.length + 1];
userChain[0] = cert;
int m = 1, n = 0;
@@ -1456,16 +1422,16 @@ public abstract class CMSServlet extends HttpServlet {
}
httpResp.setContentType(contentType);
out.write(encoding);
- } catch (IOException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
+ } catch (IOException e) {
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
} catch (CertificateEncodingException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
@@ -1511,13 +1477,13 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting agent's relative path
*/
protected String getRelPath(IAuthority authority) {
- if (authority instanceof ICertificateAuthority)
+ if (authority instanceof ICertificateAuthority)
return "ca/";
- else if (authority instanceof IRegistrationAuthority)
+ else if (authority instanceof IRegistrationAuthority)
return "ra/";
- else if (authority instanceof IKeyRecoveryAuthority)
+ else if (authority instanceof IKeyRecoveryAuthority)
return "kra/";
- else
+ else
return "/";
}
@@ -1531,55 +1497,57 @@ public abstract class CMSServlet extends HttpServlet {
if (!(mAuthority instanceof ICertificateAuthority)) {
return false;
}
- X509Certificate caCert =
- ((ICertificateAuthority)mAuthority).getCACert();
+ X509Certificate caCert =
+ ((ICertificateAuthority) mAuthority).getCACert();
if (caCert != null) {
- /* only check this if we are self-signed */
- if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
- if (caCert.getSerialNumber().equals(serialNo)) {
- return true;
+ /* only check this if we are self-signed */
+ if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
+ if (caCert.getSerialNumber().equals(serialNo)) {
+ return true;
+ }
}
- }
}
return false;
}
/**
* make a CRL entry from a serial number and revocation reason.
+ *
* @return a RevokedCertImpl that can be entered in a CRL.
*/
protected RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
+ BigInteger serialNo, RevocationReason reason)
+ throws EBaseException {
CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
CRLExtensions crlentryexts = new CRLExtensions();
try {
crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
}
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
+ RevokedCertImpl crlentry =
+ new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
return crlentry;
}
/**
* check if a certificate (serial number) is revoked on a CA.
+ *
* @return true if cert is marked revoked in the CA's database.
- * @return false if cert is not marked revoked.
+ * @return false if cert is not marked revoked.
*/
- protected boolean certIsRevoked(BigInteger serialNum)
- throws EBaseException {
+ protected boolean certIsRevoked(BigInteger serialNum)
+ throws EBaseException {
ICertRecord certRecord = getCertRecord(serialNum);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_INVALID_CERT"));
}
@@ -1590,7 +1558,7 @@ public abstract class CMSServlet extends HttpServlet {
public static String generateSalt() {
Random rnd = new Random();
- String salt = new Integer( rnd.nextInt() ).toString();
+ String salt = new Integer(rnd.nextInt()).toString();
return salt;
}
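Review bot: `generateSalt` draws its value from `java.util.Random`, a predictable generator that is re-created on every call and here contributes only 32 bits. What the salt protects is not visible in this hunk, but if it feeds a hash or a challenge value it should come from a CSPRNG, e.g. `String salt = Integer.toString(new SecureRandom().nextInt());` (this needs the `java.security.SecureRandom` import), ideally with a wider value than a single int. A short comment stating what the salt is used for would let the next reader judge whether the strength is adequate.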
@@ -1608,8 +1576,8 @@ public abstract class CMSServlet extends HttpServlet {
* @param locale array of at least one to be filled with locale found.
*/
public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ HttpServletRequest req, File realpathFile, Locale[] locale)
+ throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -1626,7 +1594,7 @@ public abstract class CMSServlet extends HttpServlet {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -1655,8 +1623,8 @@ public abstract class CMSServlet extends HttpServlet {
}
String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ parent + File.separatorChar +
+ lang + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
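Review bot: `lang` is joined into `langfilepath` as a directory name, and the context of an earlier hunk in `getLangFile` shows the language preference being read from the request's `accept-language` header. How `lang` is parsed lies outside this hunk, so this needs confirming: unless it is already restricted to a language-tag shape, a value containing a path separator or `..` would make the `file.exists()` probe resolve outside `parent`. A guard such as `lang.matches("[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*")` before the path is built would rule that out.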
@@ -1688,18 +1656,18 @@ public abstract class CMSServlet extends HttpServlet {
}
public IAuthToken authenticate(CMSRequest req)
- throws EBaseException {
+ throws EBaseException {
return authenticate(req, mAuthMgr);
}
public IAuthToken authenticate(HttpServletRequest httpReq)
- throws EBaseException {
+ throws EBaseException {
return authenticate(httpReq, mAuthMgr);
}
- public IAuthToken authenticate(CMSRequest req, String authMgrName)
- throws EBaseException {
- IAuthToken authToken = authenticate(req.getHttpReq(),
+ public IAuthToken authenticate(CMSRequest req, String authMgrName)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(req.getHttpReq(),
authMgrName);
saveAuthToken(authToken, req.getIRequest());
@@ -1709,19 +1677,16 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authentication
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
* </ul>
+ *
* @exception EBaseException an error has occurred
*/
public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
- throws EBaseException {
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = ILogger.UNIDENTIFIED;
String auditAuthMgrID = ILogger.UNIDENTIFIED;
@@ -1750,9 +1715,9 @@ public abstract class CMSServlet extends HttpServlet {
//
// check ssl client authentication if specified.
//
- X509Certificate clientCert = null;
+ X509Certificate clientCert = null;
- if (getClientCert != null && getClientCert.equals("true")) {
+ if (getClientCert != null && getClientCert.equals("true")) {
CMS.debug("CMSServlet: retrieving SSL certificate");
clientCert = getSSLClientCertificate(httpReq);
}
@@ -1795,10 +1760,10 @@ public abstract class CMSServlet extends HttpServlet {
}
AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
httpArgs,
- clientCert,
+ clientCert,
authMgrName);
if (authToken == null) {
- return null;
+ return null;
}
String userid = authToken.getInString(IAuthToken.USER_ID);
@@ -1807,7 +1772,7 @@ public abstract class CMSServlet extends HttpServlet {
if (userid != null) {
ctx.put(SessionContext.USER_ID, userid);
}
-
+
// reset the "auditSubjectID"
auditSubjectID = auditSubjectID();
@@ -1828,7 +1793,7 @@ public abstract class CMSServlet extends HttpServlet {
auditSubjectID,
ILogger.FAILURE,
auditAuthMgrID,
- auditUID);
+ auditUID);
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -1837,7 +1802,7 @@ public abstract class CMSServlet extends HttpServlet {
}
public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
- String exp) throws EBaseException {
+ String exp) throws EBaseException {
AuthzToken authzToken = null;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1911,29 +1876,27 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
- * has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
* </ul>
+ *
* @param authzMgrName string representing the name of the authorization
- * manager
+ * manager
* @param authToken the authentication token
* @param resource a string representing the ACL resource id as defined in
- * the ACL resource list
+ * the ACL resource list
* @param operation a string representing one of the operations as defined
- * within the ACL statement (e. g. - "read" for an ACL statement containing
- * "(read,write)")
+ * within the ACL statement (e. g. - "read" for an ACL statement containing
+ * "(read,write)")
* @exception EBaseException an error has occurred
* @return the authorization token
*/
public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
- String resource, String operation)
- throws EBaseException {
+ String resource, String operation)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditGroupID = auditGroupID();
@@ -1941,19 +1904,18 @@ public abstract class CMSServlet extends HttpServlet {
String auditACLResource = resource;
String auditOperation = operation;
-
SessionContext auditContext = SessionContext.getExistingContext();
String authManagerId = null;
- if(auditContext != null) {
+ if (auditContext != null) {
authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-
- if(authManagerId != null && authManagerId.equals("TokenAuth")) {
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
- CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
- auditID = auditGroupID;
- }
+
+ if (authManagerId != null && authManagerId.equals("TokenAuth")) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
+ auditID = auditGroupID;
+ }
}
}
@@ -2073,11 +2035,11 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -2089,20 +2051,20 @@ public abstract class CMSServlet extends HttpServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -2137,12 +2099,12 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log Group ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "gid" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditGroupID() {
@@ -2177,14 +2139,14 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
+ *
* This method is called to extract all "groups" associated
* with the "auditSubjectID()".
* <P>
- *
+ *
* @param id string containing the signed audit log message SubjectID
* @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -2193,7 +2155,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -2211,7 +2173,7 @@ public abstract class CMSServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -2219,7 +2181,7 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -2243,18 +2205,18 @@ public abstract class CMSServlet extends HttpServlet {
return locale;
}
- protected void outputResult(HttpServletResponse httpResp,
- String contentType, byte[] content) {
+ protected void outputResult(HttpServletResponse httpResp,
+ String contentType, byte[] content) {
try {
OutputStream os = httpResp.getOutputStream();
-
+
httpResp.setContentType(contentType);
httpResp.setContentLength(content.length);
os.write(content);
os.flush();
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
return;
}
}
@@ -2288,34 +2250,36 @@ public abstract class CMSServlet extends HttpServlet {
} catch (Exception ee) {
CMS.debug("Failed to send XML output to the server.");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
}
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
- {
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
StringBuffer result = new StringBuffer();
// Do we need to escape any characters
for (int i = 0; i < v.length(); i++) {
int c = v.charAt(i);
if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i+1) < v.length())) {
- int nextC = v.charAt(i+1);
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i + 1) < v.length())) {
+ int nextC = v.charAt(i + 1);
if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
nextC == '<' || nextC == '>' || nextC == '#' ||
nextC == ';' || nextC == '\r' || nextC == '\n' ||
nextC == '\\' || nextC == '"')) {
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
}
if (c == '\r') {
@@ -2323,11 +2287,10 @@ public abstract class CMSServlet extends HttpServlet {
} else if (c == '\n') {
result.append("0A");
} else {
- result.append((char)c);
+ result.append((char) c);
}
}
return result;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 64c59c5a..4bfc7460 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmsutil.util.Utils;
-
/**
* This servlet is started by the web server at startup, and
* it starts the CMS framework.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSStartServlet extends HttpServlet {
@@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet {
if (!f.exists()) {
int index = path.lastIndexOf("CS.cfg");
if (index != -1) {
- old_path = path.substring(0, index)+"CMS.cfg";
+ old_path = path.substring(0, index) + "CMS.cfg";
}
File f1 = new File(old_path);
if (f1.exists()) {
// The following block of code moves "CMS.cfg" to "CS.cfg".
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- f1.getAbsolutePath().replace( '/', '\\' ) +
+ Utils.exec("copy " +
+ f1.getAbsolutePath().replace('/', '\\') +
" " +
- f.getAbsolutePath().replace( '/', '\\' ) );
+ f.getAbsolutePath().replace('/', '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
- f.getAbsolutePath() );
+ Utils.exec("cp -p " + f1.getAbsolutePath() + " " +
+ f.getAbsolutePath());
}
// Remove the original file if and only if
// the backup copy was successful.
- if( f.exists() ) {
+ if (f.exists()) {
f1.delete();
// Make certain that the new file has
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00660 " + f.getAbsolutePath());
}
}
} catch (Exception e) {
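Review bot: The `Utils.exec` calls build each command by concatenating `getAbsolutePath()` into one string, so a path containing a space or another character the command interpreter treats specially is not guaranteed to arrive as a single argument (how `Utils.exec` tokenises the string is not visible here). The copy is also treated as successful as soon as `f.exists()`, after which `f1.delete()` removes the original even if the copy was incomplete. Copying the file in-process with streams and comparing lengths before the delete would avoid both problems; the remaining `chmod` step is better passed as an argument array than as a concatenated string. The enclosing method starts and ends outside this hunk.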
@@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet {
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
- throws ServletException, IOException {
+ throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
index 8d853f0b..ffd602b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -33,10 +32,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* This is the servlet that displays the html page for the corresponding input id.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayHtmlServlet extends CMSServlet {
@@ -55,7 +53,7 @@ public class DisplayHtmlServlet extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
+ mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -68,18 +66,18 @@ public class DisplayHtmlServlet extends CMSServlet {
IAuthToken authToken = authenticate(cmsReq);
try {
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
+ String realpath =
+ mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
if (realpath == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ;
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File file = new File(realpath);
long flen = file.length();
- byte[] bin = new byte[(int)flen];
+ byte[] bin = new byte[(int) flen];
FileInputStream ins = new FileInputStream(file);
int len = 0;
@@ -92,9 +90,9 @@ public class DisplayHtmlServlet extends CMSServlet {
ins.close();
bos.close();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index 9607fbe2..f7f31b19 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -39,14 +38,12 @@ import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* Return some javascript to the request which contains the list of
* dynamic data in the CMS system.
* <p>
- * This allows the requestor (browser) to make decisions about what
- * to present in the UI, depending on how CMS is configured
- *
+ * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is configured
+ *
* @version $Revision$, $Date$
*/
public class DynamicVariablesServlet extends CMSServlet {
@@ -83,10 +80,10 @@ public class DynamicVariablesServlet extends CMSServlet {
private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
private String VAR_CLA_CRL_URL_VALUE = null;
-
+
private String mAuthMgrCacheString = "";
- private long mAuthMgrCacheTime = 0;
- private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
+ private long mAuthMgrCacheTime = 0;
+ private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
// authmanagers for
private Hashtable dynvars = null;
private String mGetClientCert = "false";
@@ -99,7 +96,7 @@ public class DynamicVariablesServlet extends CMSServlet {
IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
try {
- mCrlurl =
+ mCrlurl =
config.getString(PROP_CRLURL, "");
} catch (EBaseException e) {
}
@@ -119,33 +116,27 @@ public class DynamicVariablesServlet extends CMSServlet {
/**
* Reads the following variables from the servlet config:
* <ul>
- * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
- * <li><strong>GetClientCert</strong> - whether to request client auth for this request
- * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
- * <li><strong>dynamicVariables</strong> - a string of the form:
- * serverdate=serverdate(),subsystemname=subsystemname(),
- * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+ * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
+ * <li><strong>GetClientCert</strong> - whether to request client auth for this request
+ * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
+ * <li><strong>dynamicVariables</strong> - a string of the form: serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
* </ul>
* The dynamicVariables string is parsed by splitting on commas.
* When services, the HTTP request provides a piece of javascript
* code as follows.
* <p>
- * Each sub expression "lhs=rhs()" forms a javascript statement of the form
- * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the
- * rhs. The possible values for the rhs() function are:
+ * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. The possible values for the rhs() function are:
* <ul>
- * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client
- * clock is set correctly)
+ * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set correctly)
* <li><strong>subsystemname()</strong>
* <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
* <li>authmgrs() - a comma separated list of authentication managers
- * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is
- * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+ * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
* </ul>
+ *
* @see javax.servlet.Servlet#init(ServletConfig)
*/
-
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
@@ -194,8 +185,8 @@ public class DynamicVariablesServlet extends CMSServlet {
}
public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -214,7 +205,7 @@ public class DynamicVariablesServlet extends CMSServlet {
httpResp.setContentType("application/x-javascript");
httpResp.setHeader("Pragma", "no-cache");
-
+
try {
ServletOutputStream os = httpResp.getOutputStream();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
index 3b8f8bd4..f96cb0e1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve information.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetStats extends CMSServlet {
@@ -64,7 +62,7 @@ public class GetStats extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
* file "getOCSPInfo.template" to render the result page.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetStats extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -98,10 +95,10 @@ public class GetStats extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -118,10 +115,10 @@ public class GetStats extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,12 +127,12 @@ public class GetStats extends CMSServlet {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
StatsEvent st = statsSub.getMainStatsEvent();
String op = httpReq.getParameter("op");
if (op != null && op.equals("clear")) {
- statsSub.resetCounters();
+ statsSub.resetCounters();
}
header.addStringValue("startTime", statsSub.getStartTime().toString());
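Review bot: The `op=clear` branch calls `statsSub.resetCounters()`, which changes server state, yet the only authorization check visible for this servlet (in the earlier hunk) is for the `"read"` operation on `mAuthzResourceName`. A caller who is only allowed to view statistics can therefore also erase them, and a reset driven by a plain request parameter is exposed to cross-site request forgery unless the framework adds a token check that is not visible here. Require a separate modify-level authorization before resetting and accept the action only on POST, e.g. `if ("clear".equals(op) && "POST".equals(httpReq.getMethod()))`. The result of `CMS.getSubsystem("stats")` is also dereferenced without a null check. `process` begins and ends outside this hunk.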
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
- public String getSep(int level)
- {
- StringBuffer s = new StringBuffer();
- for (int i = 0; i < level; i++) {
- s.append("-");
- }
- return s.toString();
+ public String getSep(int level) {
+ StringBuffer s = new StringBuffer();
+ for (int i = 0; i < level; i++) {
+ s.append("-");
+ }
+ return s.toString();
}
public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
Enumeration names = st.getSubEventNames();
while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- StatsEvent subSt = st.getSubEvent(name);
-
- IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
- rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
- rarg.addLongValue("timeTaken", subSt.getTimeTaken());
- rarg.addLongValue("max", subSt.getMax());
- rarg.addLongValue("min", subSt.getMin());
- rarg.addLongValue("percentage", subSt.getPercentage());
- rarg.addLongValue("avg", subSt.getAvg());
- rarg.addLongValue("stddev", subSt.getStdDev());
- argSet.addRepeatRecord(rarg);
-
- parse(argSet, subSt, level+1);
+ String name = (String) names.nextElement();
+ StatsEvent subSt = st.getSubEvent(name);
+
+ IArgBlock rarg = CMS.createArgBlock();
+ rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
+ rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
+ rarg.addLongValue("timeTaken", subSt.getTimeTaken());
+ rarg.addLongValue("max", subSt.getMax());
+ rarg.addLongValue("min", subSt.getMin());
+ rarg.addLongValue("percentage", subSt.getPercentage());
+ rarg.addLongValue("avg", subSt.getAvg());
+ rarg.addLongValue("stddev", subSt.getStdDev());
+ argSet.addRepeatRecord(rarg);
+
+ parse(argSet, subSt, level + 1);
}
}
}
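Review bot: In `process`, the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed template render is reported as success. The success status is already set inside the try block after `form.renderOutput(out, argSet)`, so the trailing call and the bare `return;` can be dropped. Separately, `getSep` can use `StringBuilder` because the buffer never leaves the method, and `Enumeration names` in `parse` is a raw type that forces the `(String)` cast. The start of `process` lies outside this hunk.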
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
index 89179b57..95dbf2ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -32,11 +31,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.IndexTemplateFiller;
-
/**
* This is the servlet that builds the index page in
* various ports.
- *
+ *
* @version $Revision$, $Date$
*/
public class IndexServlet extends CMSServlet {
@@ -91,26 +89,26 @@ public class IndexServlet extends CMSServlet {
* Serves HTTP request.
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- if (CMSGateway.getEnableAdminEnroll() &&
- mAuthority != null &&
- mAuthority instanceof ICertificateAuthority) {
+ if (CMSGateway.getEnableAdminEnroll() &&
+ mAuthority != null &&
+ mAuthority instanceof ICertificateAuthority) {
try {
cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
- e.toString()));
+ e.toString()));
}
return;
} else {
try {
renderTemplate(
- cmsReq, mTemplateName, new IndexTemplateFiller());
+ cmsReq, mTemplateName, new IndexTemplateFiller());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
index 4c3dec80..fced583a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject;
/**
* This servlet returns port information.
- *
+ *
* @version $Revision$, $Date$
*/
public class PortsServlet extends CMSServlet {
@@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet {
String port = null;
if (secure.equals("true"))
- port = CMS.getEESSLPort();
+ port = CMS.getEESSLPort();
else
port = CMS.getEENonSSLPort();
-
+
try {
XMLObject xmlObj = null;
xmlObj = new XMLObject();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
index 15bfb306..0784945a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
@@ -2,7 +2,6 @@
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
@@ -21,34 +20,33 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-
/**
* This is a servlet that proxies request to another servlet.
- *
+ *
* SERVLET REDIRECTION
* Specify the URL of a servlet to forward the request to
- * destServlet: /ee/ca/newservlet
- *
+ * destServlet: /ee/ca/newservlet
+ *
* PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you
- * can optionally specify a value for the parameter 'parameterMap'
+ * In the servlet configuration (as an init-param in web.xml) you
+ * can optionally specify a value for the parameter 'parameterMap'
* which contains a list of HTTP parameters which should be
* translated to new names.
*
- * parameterMap: name1->newname1,name2->newname2
- *
+ * parameterMap: name1->newname1,name2->newname2
+ *
* Optionally, names can be set to static values:
- *
- * parameterMap: name1->name2=value
- *
+ *
+ * parameterMap: name1->name2=value
+ *
* Examples:
* Consider the following HTTP input parameters:
- * vehicle:car make:ford model:explorer
+ * vehicle:car make:ford model:explorer
*
* The following config strings will have this effect:
- * parameterMap: make->manufacturer,model->name=expedition,->suv=true
- * output: vehicle:car manufactuer:ford model:expedition suv:true
- *
+ * parameterMap: make->manufacturer,model->name=expedition,->suv=true
+ * output: vehicle:car manufactuer:ford model:expedition suv:true
+ *
* @version $Revision$, $Date$
*/
public class ProxyServlet extends HttpServlet {
@@ -64,40 +62,41 @@ public class ProxyServlet extends HttpServlet {
private Vector mMatchStrings = new Vector();
private String mDestServletOnNoMatch = null;
private String mAppendPathInfoOnNoMatch = null;
- private Map mParamMap = new HashMap();
- private Map mParamValue = new HashMap();
+ private Map mParamMap = new HashMap();
+ private Map mParamValue = new HashMap();
public ProxyServlet() {
}
- private void parseParamTable(String s) {
- if (s == null) return;
-
- String[] params = s.split(",");
- for (int i=0;i<params.length;i++) {
- String p = params[i];
- if (p != null) {
- String[] paramNames = p.split("->");
- if (paramNames.length != 2) {
- }
- String from = paramNames[0];
- String to = paramNames[1];
- if (from != null && to != null) {
- String[] splitTo = to.split("=");
- String toName = splitTo[0];
- if (from.length() >0) {
- mParamMap.put(from,toName);
- }
- if (splitTo.length == 2) {
- String toValue = splitTo[1];
- String toValues[] = new String[1];
- toValues[0] = toValue;
- mParamValue.put(toName,toValues);
- }
- }
- }
- }
- }
+ private void parseParamTable(String s) {
+ if (s == null)
+ return;
+
+ String[] params = s.split(",");
+ for (int i = 0; i < params.length; i++) {
+ String p = params[i];
+ if (p != null) {
+ String[] paramNames = p.split("->");
+ if (paramNames.length != 2) {
+ }
+ String from = paramNames[0];
+ String to = paramNames[1];
+ if (from != null && to != null) {
+ String[] splitTo = to.split("=");
+ String toName = splitTo[0];
+ if (from.length() > 0) {
+ mParamMap.put(from, toName);
+ }
+ if (splitTo.length == 2) {
+ String toValue = splitTo[1];
+ String toValues[] = new String[1];
+ toValues[0] = toValue;
+ mParamValue.put(toName, toValues);
+ }
+ }
+ }
+ }
+ }
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
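Review bot: In `parseParamTable`, the check `if (paramNames.length != 2) { }` has an empty body, so an entry without `->` (or one such as `name->`, which splits to a single element) still reaches `paramNames[1]` and throws `ArrayIndexOutOfBoundsException` while the servlet initialises. Skip and report the malformed entry instead: `if (paramNames.length != 2) { CMS.debug("ProxyServlet: ignoring malformed parameterMap entry: " + p); continue; }`. A static value that itself contains `=` is silently dropped because only `splitTo.length == 2` is accepted; `to.split("=", 2)` keeps it. `init` continues outside this hunk.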
@@ -115,14 +114,13 @@ public class ProxyServlet extends HttpServlet {
mAppendPathInfo = sc.getInitParameter("appendPathInfo");
mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
String map = sc.getInitParameter("parameterMap");
- if (map != null) {
- parseParamTable(map);
- }
+ if (map != null) {
+ parseParamTable(map);
+ }
}
public void service(HttpServletRequest req, HttpServletResponse res) throws
- IOException, ServletException
- {
+ IOException, ServletException {
RequestDispatcher dispatcher = null;
String dest = mDest;
String uri = req.getRequestURI();
@@ -132,120 +130,118 @@ public class ProxyServlet extends HttpServlet {
if (mMatchStrings.size() != 0) {
boolean matched = false;
for (int i = 0; i < mMatchStrings.size(); i++) {
- String t = (String)mMatchStrings.elementAt(i);
- if (uri.indexOf(t) != -1) {
+ String t = (String) mMatchStrings.elementAt(i);
+ if (uri.indexOf(t) != -1) {
matched = true;
}
}
if (!matched) {
dest = mDestServletOnNoMatch;
// append Path info for OCSP request in Get method
- if (mAppendPathInfoOnNoMatch != null &&
- !mAppendPathInfoOnNoMatch.equals("")) {
+ if (mAppendPathInfoOnNoMatch != null &&
+ !mAppendPathInfoOnNoMatch.equals("")) {
dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
}
}
}
if (dest == null || dest.equals("")) {
- // mapping everything
- dest = uri;
- dest = dest.replaceFirst(mSrcContext, "");
+ // mapping everything
+ dest = uri;
+ dest = dest.replaceFirst(mSrcContext, "");
}
if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
- dest = dest + uri.replace(mAppendPathInfo, "");
+ dest = dest + uri.replace(mAppendPathInfo, "");
}
if (mDestContext != null && !mDestContext.equals("")) {
- dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
+ dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
} else {
- dispatcher = req.getRequestDispatcher(dest);
+ dispatcher = req.getRequestDispatcher(dest);
}
- // If a parameter map was specified
- if (mParamMap != null && !mParamMap.isEmpty()) {
- // Make a new wrapper with the new parameters
- ProxyWrapper r = new ProxyWrapper(req);
- r.setParameterMapAndValue(mParamMap,mParamValue);
- req = r;
- }
-
- dispatcher.forward(req, res);
+ // If a parameter map was specified
+ if (mParamMap != null && !mParamMap.isEmpty()) {
+ // Make a new wrapper with the new parameters
+ ProxyWrapper r = new ProxyWrapper(req);
+ r.setParameterMapAndValue(mParamMap, mParamValue);
+ req = r;
+ }
+
+ dispatcher.forward(req, res);
}
}
-class ProxyWrapper extends HttpServletRequestWrapper
-{
- private Map mMap = null;
- private Map mValueMap = null;
-
- public ProxyWrapper(HttpServletRequest req)
- {
- super(req);
- }
-
- public void setParameterMapAndValue(Map m,Map v)
- {
- if (m != null) mMap = m;
- if (v != null) mValueMap = v;
- }
-
- public Map getParameterMap()
- {
- try {
- // If we haven't specified any parameter mapping, just
- // use the regular implementation
- if (mMap == null) return super.getParameterMap();
- else {
- // Make a new Map for us to put stuff in
- Map n = new HashMap();
- // get the HTTP parameters the user supplied.
- Map m = super.getParameterMap();
- Set s = m.entrySet();
- Iterator i = s.iterator();
- while (i.hasNext()) {
- Map.Entry me = (Map.Entry) i.next();
- String name = (String) me.getKey();
- String[] values = (String[])(me.getValue());
- String newname = null;
- if (name != null) {
- newname = (String) mMap.get(name);
- }
-
- // No mapping specified, just use existing name/value
- if (newname == null || mValueMap == null) {
- n.put(name,values);
- } else { // new name specified
- Object o = mValueMap.get(newname);
- // check if new (static) value specified
- if (o==null) {
- n.put(newname,values);
- } else {
- String newvalues[] = (String[])mValueMap.get(newname);
- n.put(newname,newvalues);
- }
- }
- }
- // Now, deal with static values set in the config
- // which weren't set in the HTTP request
- Set s2 = mValueMap.entrySet();
- Iterator i2 = s2.iterator();
- // Cycle through all the static values
- while (i2.hasNext()) {
- Map.Entry me2 = (Map.Entry) i2.next();
- String name2 = (String) me2.getKey();
- if (n.get(name2) == null) {
- String[] values2 = (String[])me2.getValue();
- // If the parameter is not set in the map
- // Set it now
- n.put(name2,values2);
- }
- }
-
- return n;
- }
- } catch (NullPointerException npe) {
- CMS.debug(npe);
- return null;
- }
- }
-}
+class ProxyWrapper extends HttpServletRequestWrapper {
+ private Map mMap = null;
+ private Map mValueMap = null;
+
+ public ProxyWrapper(HttpServletRequest req) {
+ super(req);
+ }
+
+ public void setParameterMapAndValue(Map m, Map v) {
+ if (m != null)
+ mMap = m;
+ if (v != null)
+ mValueMap = v;
+ }
+ public Map getParameterMap() {
+ try {
+ // If we haven't specified any parameter mapping, just
+ // use the regular implementation
+ if (mMap == null)
+ return super.getParameterMap();
+ else {
+ // Make a new Map for us to put stuff in
+ Map n = new HashMap();
+ // get the HTTP parameters the user supplied.
+ Map m = super.getParameterMap();
+ Set s = m.entrySet();
+ Iterator i = s.iterator();
+ while (i.hasNext()) {
+ Map.Entry me = (Map.Entry) i.next();
+ String name = (String) me.getKey();
+ String[] values = (String[]) (me.getValue());
+ String newname = null;
+ if (name != null) {
+ newname = (String) mMap.get(name);
+ }
+
+ // No mapping specified, just use existing name/value
+ if (newname == null || mValueMap == null) {
+ n.put(name, values);
+ } else { // new name specified
+ Object o = mValueMap.get(newname);
+ // check if new (static) value specified
+ if (o == null) {
+ n.put(newname, values);
+ } else {
+ String newvalues[] = (String[]) mValueMap.get(newname);
+ n.put(newname, newvalues);
+ }
+ }
+ }
+ // Now, deal with static values set in the config
+ // which weren't set in the HTTP request
+ Set s2 = mValueMap.entrySet();
+ Iterator i2 = s2.iterator();
+ // Cycle through all the static values
+ while (i2.hasNext()) {
+ Map.Entry me2 = (Map.Entry) i2.next();
+ String name2 = (String) me2.getKey();
+ if (n.get(name2) == null) {
+ String[] values2 = (String[]) me2.getValue();
+ // If the parameter is not set in the map
+ // Set it now
+ n.put(name2, values2);
+ }
+ }
+
+ return n;
+ }
+ } catch (NullPointerException npe) {
+ CMS.debug(npe);
+ return null;
+ }
+ }
+}
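Review bot: `ProxyWrapper.getParameterMap` catches `NullPointerException` and returns `null`, which hides a predictable case: `setParameterMapAndValue` leaves `mValueMap` null when `v` is null, and the second loop then dereferences it at `mValueMap.entrySet()`. Callers receive a null parameter map instead of the mapped one; guarding the static-value loop with `if (mValueMap != null)` and removing the catch makes the behaviour explicit. In `service`, `getServletContext().getContext(mDestContext)` and both `getRequestDispatcher(dest)` calls can return null, so `dispatcher.forward(req, res)` needs a null check that answers with an error status instead of an uncaught exception. The wrapper overrides only `getParameterMap`, so `getParameter`, `getParameterValues` and `getParameterNames` still return the unmapped request values, which is presumably not intended. `service` begins outside this hunk.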
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index 5daac065..6d91e1b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
@@ -35,10 +34,10 @@ import com.netscape.certsrv.apps.CMS;
* thread.
* <p>
* Also allows user to trigger a new garbage collection
- *
+ *
* @version $Revision$, $Date$
*/
-public class SystemInfoServlet extends HttpServlet {
+public class SystemInfoServlet extends HttpServlet {
/**
*
@@ -58,16 +57,16 @@ public class SystemInfoServlet extends HttpServlet {
* value of the 'op' HTTP parameter.
* <UL>
* <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
- * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers
- * (@see java.lang.Runtime.getRuntime#gc() )
- * <li>op = general - display information about memory, and other JVM informatino
- * <li>op = thread - display details about each thread.
+ * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+ * <li>op = general - display information about memory, and other JVM informatino
+ * <li>op = thread - display details about each thread.
* </UL>
+ *
* @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
*/
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
boolean collect = false;
String op = request.getParameter("op");
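Review bot: `service` dispatches on the `op` request parameter to handlers that call `Runtime.getRuntime().gc()` and `runFinalization()` and that print memory and per-thread details, and nothing in the visible hunks of this class authenticates or authorizes the caller (the class extends `HttpServlet` directly, not `CMSServlet`). Unless a container-level security constraint covers this URL, which cannot be seen from here, runtime internals and a costly operation are available to any client; the class Javadoc should state the protection it relies on, and the `gc` action should be limited to authenticated administrators. The handlers in the later hunks (`mainMenu`, `general`, `thread`) also write a link whose `href` is the raw `request.getServletPath()` with no quoting or HTML escaping; quote the attribute and escape the value. `service` continues outside this hunk.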
@@ -83,9 +82,9 @@ public class SystemInfoServlet extends HttpServlet {
}
}
- private void mainMenu(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void mainMenu(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -122,9 +121,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void gc(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void gc(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
java.lang.Runtime.getRuntime().gc();
java.lang.Runtime.getRuntime().runFinalization();
response.getWriter().println("<HTML>");
@@ -140,9 +139,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void general(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void general(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -221,9 +220,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void thread(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void thread(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("</table>");
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
index 02ab5b52..dd8f6961 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
@@ -17,11 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
/**
* This class represents information about the client e.g. version,
* langauge, vendor.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserInfo {
@@ -36,7 +35,7 @@ public class UserInfo {
/**
* Returns the user language.
- *
+ *
* @param s user language info from the browser
* @return user language
*/
@@ -53,7 +52,7 @@ public class UserInfo {
/**
* Returns the user country.
- *
+ *
* @param s user language info from the browser
* @return user country
*/
@@ -67,10 +66,10 @@ public class UserInfo {
}
return "";
}
-
+
/**
* Returns the users agent.
- *
+ *
* @param s user language info from the browser
* @return user agent
*/
@@ -79,7 +78,7 @@ public class UserInfo {
if (s.indexOf(MSIE) != -1) {
return MSIE;
}
-
+
// Check for Netscape i.e. Mozilla
if (s.indexOf(MOZILLA) != -1) {
return MOZILLA;
@@ -87,5 +86,5 @@ public class UserInfo {
// Don't know agent. Return empty string.
return "";
- }
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 15d069e3..8bcb4857 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a certificate with a CMC-formatted revocation request
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCRevReqServlet extends CMSServlet {
@@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet {
// revocation templates.
private final static String TPL_FILE = "revocationResult.template";
public static final String CRED_CMC = "cmcRequest";
-
+
private ICertificateRepository mCertDB = null;
private String mFormPath = null;
private IRequestQueue mQueue = null;
@@ -92,12 +90,10 @@ public class CMCRevReqServlet extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
// http params
public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
@@ -106,15 +102,16 @@ public class CMCRevReqServlet extends CMSServlet {
// request attributes
public static final String SERIALNO_ARRAY = "serialNoArray";
-
+
public CMCRevReqServlet() {
super();
}
- /**
+ /**
* initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet {
mFormPath = mOutputTemplatePath;
}
-
- /**
- * Process the HTTP request.
- *
- * <ul>
- * <li>http.param cmcRequest the base-64 encoded CMC request
- * </ul>
- * @param cmsReq the object holding the request and response information
+ /**
+ * Process the HTTP request.
+ *
+ * <ul>
+ * <li>http.param cmcRequest the base-64 encoded CMC request
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
String cmcAgentSerialNumber = null;
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
- HttpServletResponse resp = cmsReq.getHttpResp();
-
+ HttpServletResponse resp = cmsReq.getHttpResp();
+
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath = "+mFormPath);
+ CMS.debug("**** mFormPath = " + mFormPath);
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
@@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
String cmc = (String) httpParams.get(CRED_CMC);
if (cmc == null) {
throw new EMissingCredential(
- CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
+ CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
}
IAuthToken authToken = authenticate(cmsReq);
@@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
}
- Integer reasonCode = Integer.valueOf(0);
- if (authToken != null) {
+ Integer reasonCode = Integer.valueOf(0);
+ if (authToken != null) {
reasonCode = authToken.getInInteger(REASON_CODE);
}
RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue());
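Review bot: `reasonCode = authToken.getInInteger(REASON_CODE);` replaces the default `Integer.valueOf(0)` with whatever the token holds, and the next line calls `reasonCode.intValue()` unconditionally. If `getInInteger` returns null when the token carries no reason code (its contract is not visible here), the revocation request fails with a `NullPointerException` instead of falling back to reason 0. Keep the default when the value is absent: `Integer rc = authToken.getInInteger(REASON_CODE); if (rc != null) reasonCode = rc;`. If `RevocationReason.fromInt` can return null for an unknown code, that result needs a check as well before it is used. `process` starts and ends outside this hunk.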
@@ -211,12 +207,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
String revokeAll = null;
int verifiedRecordCount = 0;
int totalRecordCount = 0;
-
+
if (serialNoArray != null) {
totalRecordCount = serialNoArray.length;
verifiedRecordCount = serialNoArray.length;
}
-
+
X509CertImpl[] certs = null;
//for audit log.
@@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
IRequest getCertsChallengeReq = null;
getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
@@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
+ serialNoArray[i], 16);
rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
+ certs[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
+ certs[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
+ certs[i].getNotAfter().getTime() / 1000);
//argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
- cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
+ cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0],cmcAgentSerialNumber);
-
+ verifiedRecordCount, revokeAll, totalRecordCount,
+ comments, locale[0], cmcAgentSerialNumber);
+
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
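Review bot: `revokeAll` is built from `serialNoArray[0]` alone, while the loop above iterates over every element and `process(...)` receives `verifiedRecordCount` and `totalRecordCount`, which an earlier hunk sets to `serialNoArray.length`. If the token can carry more than one serial number, the counts that are reported and audited will not match the filter actually used for revocation; either build the `(|(certRecordId=...))` filter from all elements or reject arrays longer than one. The `rarg` block filled in the loop is never used because `argSet.addRepeatRecord(rarg)` is commented out. `authToken.getInString(...)` also appears to be called without the `authToken != null` guard that other hunks apply, though the enclosing condition is outside this hunk.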
@@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
try {
ServletOutputStream out = resp.getOutputStream();
- if ((serialNoArray== null) || (serialNoArray.length == 0)) {
+ if ((serialNoArray == null) || (serialNoArray.length == 0)) {
cmsReq.setStatus(CMSRequest.ERROR);
EBaseException ee = new EBaseException("No matched certificate is found");
@@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -318,56 +314,53 @@ CMS.debug("**** mFormPath = "+mFormPath);
* Process cert status change request using the Certificate Management
* protocol using CMS (CMC)
* <P>
- *
+ *
* (Certificate Request - an "EE" cert status change request)
* <P>
- *
+ *
* (Certificate Request Processed - an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale,String cmcAgentSerialNumber)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale, String cmcAgentSerialNumber)
+ throws EBaseException {
String eeSerialNumber = null;
- if(cmcAgentSerialNumber!=null) {
+ if (cmcAgentSerialNumber != null) {
eeSerialNumber = cmcAgentSerialNumber;
- }else{
- X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req );
- if( sslCert != null ) {
+ } else {
+ X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
+ if (sslCert != null) {
eeSerialNumber = sslCert.getSerialNumber().toString();
}
}
@@ -375,11 +368,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditRequesterID = auditRequesterID( req );
- String auditSerialNumber = auditSerialNumber( eeSerialNumber );
- String auditRequestType = auditRequestType( reason );
+ String auditRequesterID = auditRequesterID(req);
+ String auditSerialNumber = auditSerialNumber(eeSerialNumber);
+ String auditRequestType = auditRequestType(reason);
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- String auditReasonNum = String.valueOf( reason );
+ String auditReasonNum = String.valueOf(reason);
try {
int count = 0;
@@ -418,18 +411,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ cert.getSerialNumber().toString() +
+ " is already revoked.");
} else {
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -441,14 +434,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
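Review bot: The `for` header joined onto one line in this hunk runs well past 100 columns and makes it harder to see that `i` is also advanced inside the body (`i++` and the skip-spaces `while`). Splitting the three clauses again, or rewriting the scan as a `while` loop, would read better. The inner `if (i > -1)` repeats the loop condition and can be dropped. The same joined header appears in the matching hunk of ChallengeRevocationServlet1.java, and the loop body continues outside both hunks.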
@@ -457,8 +448,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length() &&
+ legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
@@ -485,12 +476,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -507,12 +498,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -533,7 +524,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -573,7 +564,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -584,18 +575,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -608,23 +599,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
header.addStringValue("revoked", "yes");
Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -633,15 +624,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
header.addStringValue("updateCRLError",
- crlError);
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -649,22 +640,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -674,25 +665,25 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
+ CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
+ CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
@@ -700,15 +691,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addStringValue(publishStatusStr, "yes");
} else {
String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -717,7 +708,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -734,11 +725,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -752,16 +743,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
@@ -771,7 +762,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (errors != null && errors.size() > 0) {
for (int ii = 0; ii < errors.size(); ii++) {
- errorStr.append(errors.elementAt(ii));;
+ errorStr.append(errors.elementAt(ii));
+ ;
}
}
header.addStringValue("error", errorStr.toString());
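Review bot: The reformat turns the doubled terminator in `errorStr.append(errors.elementAt(ii));;` into an empty statement on a line of its own (`;`) instead of removing it. Drop the stray line so the loop body is just `errorStr.append(errors.elementAt(ii));`. The enclosing block starts and ends outside the hunk.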
@@ -780,16 +772,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -798,17 +790,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
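Review bot: The comment above the condition lists the statuses "complete", "revoked", or "canceled", but the second test is against `RequestStatus.REJECTED_STRING`, so the comment and the code disagree about when the CERT_STATUS_CHANGE_REQUEST_PROCESSED record is written. Because this decides what reaches the signed audit log, the comment should match the code, e.g. `// "complete", "rejected", or "canceled"` (the constant's value is not visible here, so confirm the wording). The same comment precedes the identical condition in the later hunks covering this method's exception paths. The enclosing method starts and ends outside the hunk.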
@@ -818,12 +810,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -832,11 +824,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
ILogger.FAILURE,
auditRequesterID,
@@ -857,12 +848,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -871,18 +862,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -891,18 +881,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -911,18 +901,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -934,12 +923,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -948,18 +937,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -973,11 +961,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1003,11 +991,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
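Review bot: The `@return` line for the serial-number helper still reads `id string containing the signed audit log message RequesterID`, which looks copied from the Requester ID method documented just above it. Something like `@return string containing the normalized serial number for the signed audit log message` would agree with the description in the same comment. The method body is outside the hunk.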
@@ -1026,7 +1014,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
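Review bot: `Integer.valueOf(serialNumber)` limits the audited serial number to the `int` range and throws NumberFormatException on a longer decimal string, while an earlier hunk of this file fills the value from `sslCert.getSerialNumber().toString()`, which is not bounded that way. Whether that exception is caught is not visible here, so the audit record may lose the serial number or the request may fail while the record is being built. Converting with `"0x" + new java.math.BigInteger(serialNumber).toString(16)` keeps the same output form without the limit. The method starts and ends outside the hunk.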
@@ -1036,11 +1024,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1062,4 +1050,3 @@ CMS.debug("**** mFormPath = "+mFormPath);
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
index 181e6e9c..9ca4afab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -66,11 +65,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a
+ * Takes the certificate info (serial number) and optional challenge phrase, creates a
* revocation request and submits it to the authority subsystem for processing
- *
+ *
* @version $Revision$, $Date$
*/
public class ChallengeRevocationServlet1 extends CMSServlet {
@@ -102,10 +100,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
/**
- * Initialize the servlet. This servlet uses the file
- * revocationResult.template for the response
- *
- * @param sc servlet configuration, read from the web.xml file
+ * Initialize the servlet. This servlet uses the file
+ * revocationResult.template for the response
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -125,17 +123,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
mQueue = mAuthority.getRequestQueue();
}
- /**
- * Process the HTTP request.
+ /**
+ * Process the HTTP request.
* <ul>
* <li>http.param REASON_CODE the revocation reason
- * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
+ * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -159,23 +157,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// for audit log
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
BigInteger[] serialNoArray = null;
if (authToken != null) {
serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
}
// set revocation reason, default to unspecified if not set.
- int reasonCode =
- httpParams.getValueAsInt(REASON_CODE, 0);
+ int reasonCode =
+ httpParams.getValueAsInt(REASON_CODE, 0);
// header.addIntegerValue("reason", reasonCode);
RevocationReason reason = RevocationReason.fromInt(reasonCode);
String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
Date invalidityDate = null;
String revokeAll = null;
- int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0;
- int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0;
+ int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
+ int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
X509CertImpl[] certs = null;
@@ -198,11 +196,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
+ authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "revoke");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -222,7 +220,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IRequest getCertsChallengeReq = null;
getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -232,7 +230,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
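Review bot: `mRequestID = getCertsChallengeReq.getRequestId().toString();` stores a per-request value in what looks like a servlet instance field (its declaration is outside the hunk), and the private `process(...)` later reads it on the IRegistrationAuthority branch. If the container serves concurrent requests from one servlet instance, one caller's request id could be picked up while another caller's revocation is being handled. Passing the id as a local variable or a parameter would remove the shared state. The enclosing method starts and ends outside the hunk.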
@@ -243,20 +241,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
+ serialNoArray[i], 16);
rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
+ certs[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
+ certs[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
+ certs[i].getNotAfter().getTime() / 1000);
//argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0]);
+ verifiedRecordCount, revokeAll, totalRecordCount,
+ comments, locale[0]);
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
@@ -265,10 +263,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
try {
ServletOutputStream out = resp.getOutputStream();
- if( serialNoArray == null ) {
- CMS.debug( "ChallengeRevcationServlet1::process() - " +
- " serialNoArray is null!" );
- EBaseException ee = new EBaseException( "No matched certificate is found" );
+ if (serialNoArray == null) {
+ CMS.debug("ChallengeRevcationServlet1::process() - " +
+ " serialNoArray is null!");
+ EBaseException ee = new EBaseException("No matched certificate is found");
cmsReq.setError(ee);
return;
@@ -282,31 +280,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale)
+ throws EBaseException {
try {
int count = 0;
Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
@@ -344,18 +342,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ cert.getSerialNumber().toString() +
+ " is already revoked.");
} else {
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -367,14 +365,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -383,8 +379,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length() &&
+ legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
@@ -411,12 +407,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -433,12 +429,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -459,7 +455,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
@@ -479,7 +475,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -490,18 +486,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -514,23 +510,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
header.addStringValue("revoked", "yes");
Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -539,15 +535,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
header.addStringValue("updateCRLError",
- crlError);
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -555,22 +551,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -580,25 +576,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
+ CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
+ CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
@@ -606,15 +602,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addStringValue(publishStatusStr, "yes");
} else {
String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -623,7 +619,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -640,11 +636,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -658,16 +654,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
@@ -686,16 +682,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -706,7 +702,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
} catch (Exception e) {
e.printStackTrace();
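Review bot: The generic `catch (Exception e)` handler at the end of this hunk calls `e.printStackTrace()`, which writes to standard error rather than to the servlet log used by the `IOException` handler just above it. An unexpected failure while marking a certificate revoked should reach the same log, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));`. The rest of the handler lies outside the hunk, so it may already log or rethrow.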
@@ -715,4 +711,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index b3693a53..9feddbec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available.
+ * a clone when a requested service (such as CRL) is not available.
* It redirects the user to the master.
- *
+ *
* @version $Revision$, $Date$
*/
public class CloneRedirect extends CMSServlet {
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet {
/**
* Initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet {
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output with our own template.
+
+ // override success to do output with our own template.
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
- CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
+ CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
header.addStringValue("masterURL", mNewUrl);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
index 0ccf7f18..03c909cc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Face-to-face' certificate enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class DirAuthServlet extends CMSServlet {
@@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet {
super();
}
- /**
+ /**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
- /**
+ /**
* Process the HTTP request. This servlet reads configuration information
- * from the hashDirEnrollment configuration substore
- *
+ * from the hashDirEnrollment configuration substore
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet {
mgr.addAuthToken(pageID, authToken);
- header.addStringValue("pageID", pageID);
+ header.addStringValue("pageID", pageID);
header.addStringValue("uid", uid);
header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
header.addStringValue("hostname", reqHost);
-
+
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
index 9f353312..a5cdc98e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, disable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.EnableEnrollResult
*/
@@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
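Review bot: The `cmsReq.setStatus(CMSRequest.SUCCESS);` that follows the try/catch at the end of this hunk overwrites the `CMSRequest.ERROR` status the `IOException` handler has just set, so a failure to stream the template is reported as success. The template-loading handler earlier in this file returns after setting the error, and the same is needed here: add `return;` after `cmsReq.setStatus(CMSRequest.ERROR);` in the catch block, or drop the trailing call, since the try body already sets SUCCESS. process() starts and ends outside the hunk.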
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index ea62b9cb..16be7a8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display detailed information about a certificate
- *
+ *
* The template 'displayBySerial.template' is used to
* render the response for this servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -109,13 +108,13 @@ public class DisplayBySerial extends CMSServlet {
try {
mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
}
// coming from ee
mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-
- if (mOutputTemplatePath != null)
+
+ if (mOutputTemplatePath != null)
mForm1Path = mOutputTemplatePath;
// override success and error templates to null -
@@ -126,8 +125,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* Serves HTTP request. The format of this request is as follows:
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to display
- * (or hex if serialNumber preceded by 0x)
+ * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by 0x)
* </ul>
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -151,7 +149,7 @@ public class DisplayBySerial extends CMSServlet {
mAuthzResourceName, "read");
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -170,8 +168,8 @@ public class DisplayBySerial extends CMSServlet {
error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (EDBRecordNotFoundException e) {
@@ -185,15 +183,15 @@ public class DisplayBySerial extends CMSServlet {
try {
if (serialNumber.compareTo(MINUS_ONE) > 0) {
- process(argSet, header, serialNumber,
- req, resp, locale[0]);
+ process(argSet, header, serialNumber,
+ req, resp, locale[0]);
} else {
error = new ECMSGWException(
CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
}
} catch (EBaseException e) {
error = e;
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -201,19 +199,19 @@ public class DisplayBySerial extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -223,53 +221,53 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular certificate
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
String certType[] = new String[1];
try {
ICertRecord rec = getCertRecord(seq, certType);
-
+
if (certType[0].equalsIgnoreCase("x509")) {
processX509(argSet, header, seq, req, resp, locale);
return;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return;
}
-
+
private void processX509(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
- if (rec == null) {
- CMS.debug("DisplayBySerial: failed to read record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (rec == null) {
+ CMS.debug("DisplayBySerial: failed to read record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
X509CertImpl cert = rec.getCertificate();
- if (cert == null) {
- CMS.debug("DisplayBySerial: no certificate in record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (cert == null) {
+ CMS.debug("DisplayBySerial: no certificate in record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
try {
X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (info == null) {
- CMS.debug("DisplayBySerial: no info found");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (info == null) {
+ CMS.debug("DisplayBySerial: no info found");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
@@ -287,11 +285,11 @@ public class DisplayBySerial extends CMSServlet {
}
if (ext instanceof KeyUsageExtension) {
KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ (KeyUsageExtension) ext;
try {
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e) {
// bug356108:
@@ -321,8 +319,8 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("noCertImport", noCertImport);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
}
IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -347,8 +345,8 @@ public class DisplayBySerial extends CMSServlet {
ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
- header.addStringValue("certPrettyPrint",
- certDetails.toString(locale));
+ header.addStringValue("certPrettyPrint",
+ certDetails.toString(locale));
/*
String scheme = req.getScheme();
@@ -369,8 +367,8 @@ public class DisplayBySerial extends CMSServlet {
try {
certFingerprints = CMS.getFingerPrints(cert);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
}
if (certFingerprints.length() > 0)
header.addStringValue("certFingerprint", certFingerprints);
@@ -387,7 +385,8 @@ public class DisplayBySerial extends CMSServlet {
(userAgent != null)? UserInfo.getUserAgent(userAgent): "";
*/
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
if (cert.equals(mCACerts[i])) {
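Review bot: The reformatted declaration leaves a bare `;` on its own line after `X509CertImpl[] certsInChain = new X509CertImpl[1];`, which is an empty statement carried over from the original `;;`. It should be deleted rather than moved to a line of its own, so that the new side reads just `X509CertImpl[] certsInChain = new X509CertImpl[1];`. processX509 begins and ends outside this hunk.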
@@ -398,10 +397,10 @@ public class DisplayBySerial extends CMSServlet {
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
@@ -414,43 +413,43 @@ public class DisplayBySerial extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
certsInChain,
new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- p7.encodeSignedData(bos,false);
+ p7.encodeSignedData(bos, false);
byte[] p7Bytes = bos.toByteArray();
- p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+ p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
header.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception e) {
//p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
//+ "; Please contact your administrator";
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
return;
}
-
+
private ICertRecord getCertRecord(BigInteger seq, String certtype[])
- throws EBaseException {
+ throws EBaseException {
ICertRecord rec = null;
-
+
try {
rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
X509CertImpl x509cert = rec.getCertificate();
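Review bot: The `EBaseException` handler near the end of processX509 looks up its log message with the key `"MSGW_ERR_DISP_BY_SERIAL"`, while the handlers in process() and getCertRecord() use `"CMSGW_ERR_DISP_BY_SERIAL"`; the missing leading `C` looks like a typo. If that key is not defined in the message bundle, the failure record for a certificate lookup error will presumably not carry the intended text. Suggested: `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())`. processX509 starts before this hunk and getCertRecord continues past it.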
@@ -460,16 +459,16 @@ public class DisplayBySerial extends CMSServlet {
return rec;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return rec;
}
private BigInteger getSerialNumber(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
if (serialNumString != null) {
@@ -477,11 +476,10 @@ public class DisplayBySerial extends CMSServlet {
if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
return new BigInteger(serialNumString.substring(2), 16);
} else {
- return new BigInteger(serialNumString);
+ return new BigInteger(serialNumString);
}
- } else {
+ } else {
throw new NumberFormatException();
- }
+ }
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3a5f3f06..0f2cd413 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Decode the CRL and display it to the requester.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayCRL extends CMSServlet {
@@ -80,7 +78,8 @@ public class DisplayCRL extends CMSServlet {
/**
* Initialize the servlet. This servlet uses the 'displayCRL.template' file to
* to render the response to the client.
- * @param sc servlet configuration, read from the web.xml file
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -96,15 +95,15 @@ public class DisplayCRL extends CMSServlet {
}
/**
- * Process the HTTP request
+ * Process the HTTP request
* <ul>
- * <li>http.param crlIssuingPoint number
- * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
- * <li>http.param pageStart which page to start displaying from
- * <li>http.param pageSize number of entries to show per page
+ * <li>http.param crlIssuingPoint number
+ * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
+ * <li>http.param pageStart which page to start displaying from
+ * <li>http.param pageSize number of entries to show per page
* </ul>
+ *
* @param cmsReq the Request to service.
-
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -132,8 +131,8 @@ public class DisplayCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -148,22 +147,22 @@ public class DisplayCRL extends CMSServlet {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
process(argSet, header, req, resp, crlIssuingPointId,
- locale[0]);
+ locale[0]);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -192,24 +191,25 @@ public class DisplayCRL extends CMSServlet {
masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
clonedCA = true;
ipNames = crlRepository.getIssuingPointsNames();
}
} catch (EBaseException e) {
}
-
+
if (clonedCA) {
if (crlIssuingPointId != null) {
if (ipNames != null && ipNames.size() > 0) {
int i;
for (i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
if (crlIssuingPointId.equals(ipName)) {
break;
}
}
- if (i >= ipNames.size()) crlIssuingPointId = null;
+ if (i >= ipNames.size())
+ crlIssuingPointId = null;
} else {
crlIssuingPointId = null;
}
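Review bot: The empty `catch (EBaseException e) { }` after the `master.ca.agent.*` lookup discards any failure from the config read or from `crlRepository.getIssuingPointsNames()`, so `clonedCA` and `ipNames` stay in whatever state they had reached and the issuing-point check below runs on them with nothing in the log. At minimum record the cause inside the catch, for example `CMS.debug("DisplayCRL: clone check failed: " + e.toString());`. Separately, the reformatted `if (i >= ipNames.size())` now spans two lines without braces; `if (i >= ipNames.size()) { crlIssuingPointId = null; }` keeps a later added statement from falling outside the condition. The enclosing method starts and ends outside this hunk.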
@@ -226,13 +226,14 @@ public class DisplayCRL extends CMSServlet {
isCRLCacheEnabled = ip.isCRLCacheEnabled();
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
}
if (crlIssuingPointId == null) {
header.addStringValue("error",
- "Request to unspecified or non-existing CRL issuing point: "+ipId);
+ "Request to unspecified or non-existing CRL issuing point: " + ipId);
return;
}
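Review bot: The message built at `"Request to unspecified or non-existing CRL issuing point: " + ipId` places `ipId` into the `error` header value, which is later written out through the template or `outputXML`. `ipId` is assigned outside this hunk; if it holds the raw `crlIssuingPoint` request parameter, as the wording suggests, the value reaches the response exactly as the client sent it, so confirm that both output paths escape it. If escaping cannot be confirmed, keep the value out of the user-facing text (`"Request to unspecified or non-existing CRL issuing point"`) and record it only in the server log.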
@@ -240,22 +241,23 @@ public class DisplayCRL extends CMSServlet {
String crlDisplayType = req.getParameter("crlDisplayType");
- if (crlDisplayType == null) crlDisplayType = "cachedCRL";
+ if (crlDisplayType == null)
+ crlDisplayType = "cachedCRL";
header.addStringValue("crlDisplayType", crlDisplayType);
try {
- crlRecord =
+ crlRecord =
(ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
} catch (EBaseException e) {
header.addStringValue("error", e.toString(locale));
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
- return;
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ return;
}
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
@@ -283,10 +285,10 @@ public class DisplayCRL extends CMSServlet {
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
return;
}
@@ -299,8 +301,8 @@ public class DisplayCRL extends CMSServlet {
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
}
@@ -320,24 +322,25 @@ public class DisplayCRL extends CMSServlet {
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
// if (lPageStart + lPageSize - lCRLSize > 1)
// lPageStart = lCRLSize - lPageSize + 1;
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale,
- lCRLSize, lPageStart, lPageSize));
+ "crlPrettyPrint", crlDetails.toString(locale,
+ lCRLSize, lPageStart, lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale));
+ "crlPrettyPrint", crlDetails.toString(locale));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
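Review bot: Only `lPageStart` is clamped here; `lPageSize`, parsed from the `pageSize` request parameter, is passed to `crlDetails.toString(locale, lCRLSize, lPageStart, lPageSize)` as received, so a negative value reaches the pretty-printer. A matching guard such as `if (lPageSize < 0) { lPageSize = 0; }` would make the bounds symmetric; whether 0 is the right floor depends on `toString`, which is not shown (the `crlHeader` branch does pass `0, 0`). `Long.parseLong(pageStart)` would also replace the boxed `new Long(pageStart).longValue()`; both throw NumberFormatException on non-numeric input, and the handler for that is not visible in this hunk.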
@@ -377,14 +380,14 @@ public class DisplayCRL extends CMSServlet {
} catch (CRLException e) {
}
} else if (crlDisplayType.equals("deltaCRL")) {
- if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
- crlRecord.getDeltaCRLSize().longValue() > -1) ||
- (crlIP != null && crlIP.isDeltaCRLEnabled())) {
+ if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
+ crlRecord.getDeltaCRLSize().longValue() > -1) ||
+ (crlIP != null && crlIP.isDeltaCRLEnabled())) {
byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
if (deltaCRLBytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
header.addStringValue("error", "Delta CRL is not available");
} else {
X509CRLImpl deltaCRL = null;
@@ -393,23 +396,23 @@ public class DisplayCRL extends CMSServlet {
deltaCRL = new X509CRLImpl(deltaCRLBytes);
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
if (deltaCRL != null) {
BigInteger crlNumber = crlRecord.getCRLNumber();
BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
if ((clonedCA && crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) ||
- (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
+ deltaNumber.compareTo(crlNumber) >= 0) ||
+ (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
header.addIntegerValue("deltaCRLSize",
- deltaCRL.getNumberOfRevokedCertificates());
+ deltaCRL.getNumberOfRevokedCertificates());
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
try {
byte[] ba = deltaCRL.getEncoded();
@@ -455,8 +458,8 @@ public class DisplayCRL extends CMSServlet {
}
} else {
header.addStringValue("error", "Delta CRL is not enabled for " +
- crlIssuingPointId +
- " issuing point");
+ crlIssuingPointId +
+ " issuing point");
}
}
@@ -464,10 +467,10 @@ public class DisplayCRL extends CMSServlet {
header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
} else {
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
- header.addStringValue("crlPrettyPrint",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("crlPrettyPrint",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
return;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
index 6efda2bb..9815ff68 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Servlet to report the status, ie, the agent-initiated user
* enrollment is enabled or disabled.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayHashUserEnroll extends CMSServlet {
@@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
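Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed render ends up reported as success while the error from `setError` stays attached. The try block already sets SUCCESS right after `form.renderOutput(out, argSet)`, so the trailing call can be removed, or the catch can end with `return;` as the template-loading handler in the previous hunk does. The method body starts outside this hunk.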
@@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 3c562d65..66841e39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevoke extends CMSServlet {
@@ -98,12 +96,10 @@ public class DoRevoke extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevoke() {
super();
@@ -111,7 +107,8 @@ public class DoRevoke extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * file "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -146,15 +143,18 @@ public class DoRevoke extends CMSServlet {
/**
* Serves HTTP request. The http parameters used by this request are as follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -204,7 +204,7 @@ public class DoRevoke extends CMSServlet {
if (req.getParameter("verifiedRecordCount") != null) {
verifiedRecordCount = Integer.parseInt(
req.getParameter(
- "verifiedRecordCount"));
+ "verifiedRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
long l = Long.parseLong(req.getParameter(
@@ -228,8 +228,8 @@ public class DoRevoke extends CMSServlet {
try {
user = (IUser) mUL.locateUser(new Certificates(certChain));
} catch (Exception e) {
- CMS.debug("DoRevoke: Failed to map certificate '"+
- cert2.getSubjectDN().getName()+"' to user.");
+ CMS.debug("DoRevoke: Failed to map certificate '" +
+ cert2.getSubjectDN().getName() + "' to user.");
}
if (mUG.isMemberOf(user, "Subsystem Group")) {
skipNonceVerification = true;
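Review bot: When `mUL.locateUser(...)` throws, the handler logs only the subject DN at debug level, drops `e`, and execution continues to `mUG.isMemberOf(user, "Subsystem Group")` with `user` never assigned by this lookup. That membership test decides `skipNonceVerification`, so the failure path deserves an explicit guard, `if (user != null && mUG.isMemberOf(user, "Subsystem Group")) {`, and the debug line should carry the cause, e.g. ending in `+ "' to user: " + e`. How `user` is initialised and how `isMemberOf` treats a null user are outside this hunk, so confirm both.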
@@ -249,8 +249,8 @@ public class DoRevoke extends CMSServlet {
} else {
CMS.debug("DoRevoke: Missing nonce");
}
- CMS.debug("DoRevoke: nonceVerified="+nonceVerified);
- CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification);
+ CMS.debug("DoRevoke: nonceVerified=" + nonceVerified);
+ CMS.debug("DoRevoke: skipNonceVerification=" + skipNonceVerification);
if ((!nonceVerified) && (!skipNonceVerification)) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
@@ -275,25 +275,24 @@ public class DoRevoke extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
-
+
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber != null) {
+ if (serialNumber != null) {
eeSerialNumber = serialNumber;
}
@@ -306,12 +305,12 @@ public class DoRevoke extends CMSServlet {
} else {
// request is fromUser.
initiative = AuditFormat.FROMUSER;
-
+
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
if (serialNumber == null || sslCert == null ||
- !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+ !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
authorized = false;
} else {
eeSubjectDN = sslCert.getSubjectDN().toString();
@@ -322,14 +321,14 @@ public class DoRevoke extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative,
- req, resp, verifiedRecordCount, revokeAll,
- totalRecordCount, eeSerialNumber, eeSubjectDN,
- comments, locale[0]);
+ req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, eeSerialNumber, eeSubjectDN,
+ comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
@@ -353,11 +352,11 @@ public class DoRevoke extends CMSServlet {
if (error == null && authorized) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else if (!authorized) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,8 +365,8 @@ public class DoRevoke extends CMSServlet {
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -375,58 +374,53 @@ public class DoRevoke extends CMSServlet {
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param eeSerialNumber string containing the end-entity certificate
- * serial number
+ * serial number
* @param eeSubjectDN string containing the end-entity certificate subject
- * distinguished name (DN)
+ * distinguished name (DN)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String eeSerialNumber,
- String eeSubjectDN,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String eeSerialNumber,
+ String eeSubjectDN,
+ String comments,
+ Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -436,7 +430,7 @@ public class DoRevoke extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
- CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+ CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
long startTime = CMS.getCurrentDate().getTime();
try {
@@ -483,16 +477,16 @@ public class DoRevoke extends CMSServlet {
CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
continue;
}
-
+
if (xcert != null) {
rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
+ xcert.getSerialNumber().toString(16));
if (eeSerialNumber != null &&
- (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
- rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+ (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
+ rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+ CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
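Review bot: `eeSerialNumber.equals(xcert.getSerialNumber().toString())` compares against the decimal rendering of the serial, while every other use in this hunk formats it with `toString(16)` and the servlet's Javadoc documents the `serialNumber` parameter as hex. If `eeSerialNumber` carries the request value unchanged (it is assigned outside this hunk), the two strings can disagree for the same certificate or agree for different ones, which matters because this test selects the already-revoked/unauthorized branch. Comparing numbers removes the ambiguity: `new BigInteger(eeSerialNumber, 16).equals(xcert.getSerialNumber())`, which needs `java.math.BigInteger` in scope and handling for a malformed value. The same decimal comparison appears in the `@@ -564,29 +556,28 @@` hunk, where it sets `authorized = true` and sits under the existing `//xxxxx serial number in decimal?` comment.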
@@ -508,19 +502,19 @@ public class DoRevoke extends CMSServlet {
throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
} else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " is already revoked.");
+ xcert.getSerialNumber().toString(16) +
+ " is already revoked.");
} else if (eeSubjectDN != null &&
- (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
+ (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " belongs to different subject.");
+ xcert.getSerialNumber().toString(16) +
+ " belongs to different subject.");
} else {
oldCertsV.addElement(xcert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(xcert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -535,9 +529,7 @@ public class DoRevoke extends CMSServlet {
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -564,29 +556,28 @@ public class DoRevoke extends CMSServlet {
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
- for (int j = 0; j < serialNumbers.size();
- j++) {
+ for (int j = 0; j < serialNumbers.size(); j++) {
//xxxxx serial number in decimal?
if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
- eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+ eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
addToList = true;
break;
}
}
if (eeSerialNumber != null &&
- eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+ eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
authorized = true;
}
if (addToList) {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- certs[i].getSerialNumber().toString(16));
+ certs[i].getSerialNumber().toString(16));
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -596,7 +587,7 @@ public class DoRevoke extends CMSServlet {
}
if (!authorized) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+ CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -622,12 +613,12 @@ public class DoRevoke extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- cert.getSerialNumber().toString(16));
+ cert.getSerialNumber().toString(16));
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -636,8 +627,8 @@ public class DoRevoke extends CMSServlet {
}
}
}
- if (count == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ if (count == 0) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -665,7 +656,7 @@ public class DoRevoke extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -680,7 +671,7 @@ public class DoRevoke extends CMSServlet {
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER))
+ if (initiative.equals(AuditFormat.FROMUSER))
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
else
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -713,7 +704,7 @@ public class DoRevoke extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -727,18 +718,18 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -751,10 +742,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -768,7 +759,7 @@ public class DoRevoke extends CMSServlet {
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -780,24 +771,24 @@ public class DoRevoke extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+ );
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -806,15 +797,15 @@ public class DoRevoke extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError",
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -822,23 +813,23 @@ public class DoRevoke extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -857,31 +848,31 @@ public class DoRevoke extends CMSServlet {
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -889,8 +880,8 @@ public class DoRevoke extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -907,11 +898,11 @@ public class DoRevoke extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -946,16 +937,16 @@ public class DoRevoke extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -965,9 +956,8 @@ public class DoRevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1001,10 +991,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1042,10 +1032,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1062,8 +1052,8 @@ public class DoRevoke extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -1084,10 +1074,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1110,11 +1100,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1140,11 +1130,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -1163,30 +1153,30 @@ public class DoRevoke extends CMSServlet {
// find out if the value is hex or decimal
int value = -1;
-
+
//try int
- try {
- value = Integer.parseInt(serialNumber,10);
+ try {
+ value = Integer.parseInt(serialNumber, 10);
} catch (NumberFormatException e) {
}
-
+
//try hex
- if( value == -1) {
+ if (value == -1) {
try {
- value = Integer.parseInt(serialNumber,16);
+ value = Integer.parseInt(serialNumber, 16);
} catch (NumberFormatException e) {
}
}
// give up if it isn't hex or dec
- if ( value == -1) {
+ if (value == -1) {
throw new NumberFormatException();
}
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- value);
+ value);
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
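Review bot: The serial number for the signed audit record is parsed with `Integer.parseInt(serialNumber, 10)` and then `Integer.parseInt(serialNumber, 16)`, so any serial that does not fit in 32 bits ends in `throw new NumberFormatException()` instead of being logged, and certificate serials are commonly far larger than an int. `-1` doubles as the "not parsed" marker, both catch blocks are empty, and a digits-only hex serial is silently read as decimal, so the audited value can differ from the certificate that was acted on. Consider `BigInteger value = new BigInteger(serialNumber, 10);` with a radix-16 fallback and `serialNumber = "0x" + value.toString(16);` (this file's imports are not visible here, so `java.math.BigInteger` may need adding). The hunk at `@@ -920,7 +913,7 @@` in DoRevokeTPS.java has the same int limit through `Integer.valueOf(serialNumber).intValue()`. The enclosing method starts and ends outside this hunk.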
@@ -1196,11 +1186,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1222,4 +1212,3 @@ public class DoRevoke extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 12093661..a9f26754 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevokeTPS extends CMSServlet {
@@ -89,12 +87,10 @@ public class DoRevokeTPS extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevokeTPS() {
super();
@@ -102,7 +98,8 @@ public class DoRevokeTPS extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * file "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -132,15 +129,18 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Serves HTTP request. The http parameters used by this request are as follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -174,7 +174,7 @@ public class DoRevokeTPS extends CMSServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (Exception e) {
- CMS.debug("DoRevokeTPS getTemplate failed");
+ CMS.debug("DoRevokeTPS getTemplate failed");
throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -215,17 +215,17 @@ public class DoRevokeTPS extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
@@ -242,11 +242,11 @@ public class DoRevokeTPS extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative, req,
- resp, revokeAll, totalRecordCount, comments, locale[0]);
+ resp, revokeAll, totalRecordCount, comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
@@ -260,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet {
errorString = "error=unauthorized";
} else if (error != null) {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
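Review bot: The reply body `o_status + "\n" + errorString` is sent as `text/html` although it is a plain status line, and `errorString` is built from `error.toString()`, whose text may include request-derived values (not confirmable from this hunk). Declaring `resp.setContentType("text/plain; charset=UTF-8");` would keep any markup in the exception text from being interpreted if the response is ever opened in a browser, provided the TPS client does not depend on the declared type. `pp.getBytes()` also uses the platform default charset; `pp.getBytes("UTF-8")` would make the bytes match the declared charset, and because its UnsupportedEncodingException is an IOException it needs to sit inside the existing `try`. The surrounding method begins and ends outside the hunk.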
@@ -271,8 +271,8 @@ public class DoRevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -280,50 +280,45 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -333,11 +328,10 @@ public class DoRevokeTPS extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
-
if (revokeAll != null) {
- CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+ CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
- String serial = "";
+ String serial = "";
String[] tokens;
tokens = revokeAll.split("=");
@@ -345,9 +339,9 @@ public class DoRevokeTPS extends CMSServlet {
serial = tokens[1];
//remove the trailing paren
if (serial.endsWith(")")) {
- serial = serial.substring(0,serial.length() -1);
+ serial = serial.substring(0, serial.length() - 1);
}
- auditSerialNumber = serial;
+ auditSerialNumber = serial;
}
}
@@ -393,7 +387,7 @@ public class DoRevokeTPS extends CMSServlet {
}
X509CertImpl xcert = rec.getCertificate();
IArgBlock rarg = CMS.createArgBlock();
-
+
// we do not want to revoke the CA certificate accidentially
if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
@@ -403,20 +397,20 @@ public class DoRevokeTPS extends CMSServlet {
if (xcert != null) {
rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
+ xcert.getSerialNumber().toString(16));
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
alreadyRevokedCertFound = true;
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
+ CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked.");
} else {
oldCertsV.addElement(xcert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(xcert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
+ CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked.");
count++;
}
} else {
@@ -424,27 +418,27 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (count == 0) {
+ if (count == 0) {
// Situation where no certs were reoked here, but some certs
// requested happened to be already revoked. Don't return error.
if (alreadyRevokedCertFound == true && badCertsRequested == false) {
- CMS.debug("Only have previously revoked certs in the list.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ CMS.debug("Only have previously revoked certs in the list.");
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
- audit(auditMessage);
- return;
+ audit(auditMessage);
+ return;
}
-
+
errorString = "error=No certificates are revoked.";
o_status = "status=2";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -469,7 +463,7 @@ public class DoRevokeTPS extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -484,7 +478,7 @@ public class DoRevokeTPS extends CMSServlet {
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER)) {
+ if (initiative.equals(AuditFormat.FROMUSER)) {
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
} else {
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -518,7 +512,7 @@ public class DoRevokeTPS extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -532,18 +526,18 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -556,10 +550,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -573,7 +567,7 @@ public class DoRevokeTPS extends CMSServlet {
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -585,24 +579,24 @@ public class DoRevokeTPS extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+ );
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -615,16 +609,16 @@ public class DoRevokeTPS extends CMSServlet {
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
o_status = "status=3";
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
@@ -632,12 +626,12 @@ public class DoRevokeTPS extends CMSServlet {
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -652,25 +646,25 @@ public class DoRevokeTPS extends CMSServlet {
CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
o_status = "status=3";
- if (error != null) {
- errorString = "error="+error;
+ if (error != null) {
+ errorString = "error=" + error;
}
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
o_status = "status=3";
if (error != null) {
@@ -683,8 +677,8 @@ public class DoRevokeTPS extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -699,10 +693,10 @@ public class DoRevokeTPS extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
o_status = "status=3";
}
} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
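Review bot: The context line `} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {` calls `ldapEnabled()` on a reference it has just tested to be null, so it throws NullPointerException whenever the publisher processor is absent and is false in every other case; the branch body can never run. It appears to pair with the `mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()` test shown in the `@@ -683,8 +677,8 @@` hunk, in which case the parallel code in DoRevoke.java, which uses a plain `} else {`, is probably what was meant. As far as the visible hunks show, this point is reached after the revocation request has been handled, so the exception could report a failure for a revocation that actually went through. This reformatting commit leaves the line unchanged, and the branch body is outside the hunk.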
@@ -712,7 +706,7 @@ public class DoRevokeTPS extends CMSServlet {
} else {
if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
o_status = "status=2";
- errorString = "error="+stat.toString();
+ errorString = "error=" + stat.toString();
} else {
o_status = "status=2";
errorString = "error=Undefined request status";
@@ -743,16 +737,16 @@ public class DoRevokeTPS extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -762,9 +756,8 @@ public class DoRevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -799,10 +792,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -819,8 +812,8 @@ public class DoRevokeTPS extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -841,10 +834,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -867,11 +860,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -897,11 +890,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -920,7 +913,7 @@ public class DoRevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -930,11 +923,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -956,4 +949,3 @@ public class DoRevokeTPS extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index e1791045..e5b3fe80 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Unrevoke' a certificate. (For certificates that are on-hold only,
* take them off-hold)
- *
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevoke extends CMSServlet {
@@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevoke() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevoke extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -136,10 +130,10 @@ public class DoUnrevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -152,17 +146,17 @@ public class DoUnrevoke extends CMSServlet {
//for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevoke::process() - authToken is null!" );
+ } else {
+ CMS.debug("DoUnrevoke::process() - authToken is null!");
return;
}
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
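Review bot: The `else` branch for a null `authToken` only writes a `CMS.debug` line and returns, so an unauthenticated request ends without a status on `cmsReq` and without a failure-level log entry. Setting the outcome before the return, `cmsReq.setStatus(CMSRequest.UNAUTHORIZED);`, and logging through `log(ILogger.LL_FAILURE, ...)` would make the denial visible to the caller and to anyone reviewing the logs. Whether `authenticate()` already reports the failure cannot be seen from this hunk. The same branch appears in DoUnrevokeTPS.java (hunk at `-150,17 +144,17`), and `process()` starts and ends outside the hunk.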
@@ -171,10 +165,10 @@ public class DoUnrevoke extends CMSServlet {
mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -186,7 +180,7 @@ public class DoUnrevoke extends CMSServlet {
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -197,44 +191,39 @@ public class DoUnrevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param serialNumbers the serial number of the certificate
@@ -245,11 +234,11 @@ public class DoUnrevoke extends CMSServlet {
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ BigInteger[] serialNumbers,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -265,8 +254,9 @@ public class DoUnrevoke extends CMSServlet {
// certs are for old cloning and they should be removed as soon as possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList.append(", ");
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList.append(", ");
snList.append("0x");
snList.append(serialNumbers[i].toString(16));
}
@@ -310,15 +300,15 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "yes");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
header.addStringValue("unrevoked", "no");
@@ -328,29 +318,29 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("error", error);
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ error,
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
/****************************************************/
-
+
/* IMPORTANT: In the event that the following */
-
+
/* "throw error;" statement is */
-
+
/* uncommented, uncomment the following */
-
+
/* signed audit log message, also!!! */
-
+
/****************************************************/
// // store a message in the signed audit log file
@@ -379,8 +369,8 @@ public class DoUnrevoke extends CMSServlet {
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -389,15 +379,15 @@ public class DoUnrevoke extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError",
+ crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -405,22 +395,22 @@ public class DoUnrevoke extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -431,48 +421,48 @@ public class DoUnrevoke extends CMSServlet {
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " yes ");
+ updateStatusStr + " yes ");
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " no ");
+ updateStatusStr + " no ");
header.addStringValue(updateStatusStr, "no");
String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ unrevReq.getExtDataInString(updateErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- updateErrorStr, error);
+ updateErrorStr, error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ unrevReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ unrevReq.getExtDataInString(publishErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
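Review bot: `ldapPublishStatus[0] == IRequest.RES_SUCCESS` on the last line of this hunk compares an `Integer` array element by reference. The other status checks in this method use `.equals(IRequest.RES_SUCCESS)`, which suggests `RES_SUCCESS` is a boxed `Integer`; if so, the result depends on object identity rather than value, and a successful LDAP publish can be reported as failed. `if (IRequest.RES_SUCCESS.equals(ldapPublishStatus[0])) {` compares by value and also tolerates a null element. DoUnrevokeTPS.java has the same comparison with `!=` (hunk at `-394,37 +384,37`), and the `if` body continues outside the hunk.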
@@ -490,30 +480,30 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "pending");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "pending",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
header.addStringValue("error", "Request Status.Error");
header.addStringValue("unrevoked", "no");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ status.toString(),
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
@@ -521,9 +511,8 @@ public class DoUnrevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -557,10 +546,10 @@ public class DoUnrevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -580,7 +569,7 @@ public class DoUnrevoke extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
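Review bot: `req.getParameter("serialNumber")` is passed straight to `new StringTokenizer(serialNumString, " ")`, so a request without that parameter raises a NullPointerException instead of the NumberFormatException the method declares. The catch clauses visible in this diff handle NumberFormatException, EBaseException and IOException, so the NPE would likely escape as an unhandled servlet error. A guard such as `if (serialNumString == null) throw new NumberFormatException();` before the tokenizer keeps the failure on the handled path. The same two lines are in DoUnrevokeTPS.java (hunk at `-533,7 +522,7`), and the method body continues outside the hunk.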
@@ -601,7 +590,7 @@ public class DoUnrevoke extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -617,11 +606,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -647,11 +636,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -670,7 +659,7 @@ public class DoUnrevoke extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
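Review bot: `Integer.valueOf(serialNumber).intValue()` limits the audit-log serial number to the 32-bit int range, while the servlet itself handles serials as `BigInteger`. A serial above that range would throw NumberFormatException here, so the signed audit record for that certificate could be lost or carry no serial; whether the exception is caught is outside the hunk. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` matches how the rest of the class formats serials. DoUnrevokeTPS.java repeats the line (hunk at `-623,7 +612,7`).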
@@ -678,4 +667,3 @@ public class DoUnrevoke extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 8f46ee9c..65716c07 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Unrevoke' a certificate. (For certificates that are on-hold only,
* take them off-hold)
- *
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevokeTPS extends CMSServlet {
@@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevokeTPS() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevokeTPS extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -133,16 +127,16 @@ public class DoUnrevokeTPS extends CMSServlet {
Locale[] locale = new Locale[1];
-/*
- try {
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-*/
+ /*
+ try {
+ form = getTemplate(mFormPath, req, locale);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+ */
try {
serialNumbers = getSerialNumbers(req);
@@ -150,17 +144,17 @@ public class DoUnrevokeTPS extends CMSServlet {
//for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" );
+ } else {
+ CMS.debug("DoUnrevokeTPS::process() - authToken is null!");
return;
- }
+ }
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
@@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet {
mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
o_status = "status=3";
errorString = "error=unauthorized";
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
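Review bot: The `status=`/`error=` body is sent as `text/html` and encoded with `pp.getBytes()`, which uses the platform default charset. In this hunk the text is constant, but the next hunk (`-206,10 +200,10`) appends `error.toString()` to the same body, so if an error message can contain markup or line breaks it would reach the client inside an HTML-typed, line-oriented response. Consider `resp.setContentType("text/plain");` with an explicit charset passed to `getBytes(...)`, and removing CR/LF from the error text before concatenation; confirm first what the TPS client expects. `process()` starts and ends outside the hunk.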
@@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet {
process(serialNumbers, req, resp, locale[0], initiative);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
} catch (IOException e) {
@@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=";
} else {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -217,33 +211,28 @@ public class DoUnrevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
* </ul>
+ *
* @param serialNumbers the serial number of the certificate
* @param req HTTP servlet request
* @param resp HTTP servlet response
@@ -252,10 +241,10 @@ public class DoUnrevokeTPS extends CMSServlet {
* @exception EBaseException an error has occurred
*/
private void process(BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -271,8 +260,9 @@ public class DoUnrevokeTPS extends CMSServlet {
// certs are for old cloning and they should be removed as soon as possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList += ", ";
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList += ", ";
snList += "0x" + serialNumbers[i].toString(16);
}
@@ -313,76 +303,76 @@ public class DoUnrevokeTPS extends CMSServlet {
if (result != null && result.equals(IRequest.RES_SUCCESS)) {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
String error = unrevReq.getExtDataInString(IRequest.ERROR);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ error,
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null) {
o_status = "status=3";
- errorString = "error="+crlError;
+ errorString = "error=" + crlError;
}
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
o_status = "status=3";
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
}
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -394,37 +384,37 @@ public class DoUnrevokeTPS extends CMSServlet {
if (!updateResult.equals(IRequest.RES_SUCCESS)) {
String updateErrorStr = crl.getCrlUpdateErrorStr();
String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ unrevReq.getExtDataInString(updateErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ unrevReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ unrevReq.getExtDataInString(publishErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
}
}
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
@@ -432,25 +422,25 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=Problem in publishing to LDAP";
}
}
- } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) {
+ } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) {
o_status = "status=3";
errorString = "error=LDAP Publisher not enabled";
}
} else if (status == RequestStatus.PENDING) {
o_status = "status=2";
- errorString = "error="+status.toString();
+ errorString = "error=" + status.toString();
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "pending",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
o_status = "status=2";
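Review bot: The reformatted `else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled()))` is the exact negation of the `if` it follows (visible in the previous hunk), so the condition is always true when reached and a plain `} else {` says the same thing. As written it also reports `status=3` for an unrevoke that otherwise succeeded whenever LDAP publishing is off. If that is intended, a short comment such as `// TPS treats a disabled LDAP publisher as an error` would record it. The enclosing block starts outside the hunk.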
@@ -458,15 +448,15 @@ public class DoUnrevokeTPS extends CMSServlet {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ status.toString(),
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
@@ -474,9 +464,8 @@ public class DoUnrevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -510,10 +499,10 @@ public class DoUnrevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -533,7 +522,7 @@ public class DoUnrevokeTPS extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -554,7 +543,7 @@ public class DoUnrevokeTPS extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -570,11 +559,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -600,11 +589,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -623,7 +612,7 @@ public class DoUnrevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -631,4 +620,3 @@ public class DoUnrevokeTPS extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
index b1d89426..2a143b66 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, enable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.DisableEnrollResult
*/
@@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet {
String timeout = args.getValueAsString("timeout", "600");
mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
- random.nextLong() + "", 0);
+ random.nextLong() + "", 0);
header.addStringValue("code", "0");
}
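Review bot: The fourth argument to `mgr.createEntry(...)` is `random.nextLong() + ""`, and the declaration of `random` is outside this hunk. If it is a `java.util.Random`, its output can be predicted from a few observed values. Should that string act as a secret tied to the enabled enrollment entry, it ought to come from `java.security.SecureRandom` instead. Separately, `Long.parseLong(timeout) * 1000` takes `timeout` from the request arguments without a range check, so a non-numeric value throws NumberFormatException and a very large one overflows; a bounded parse would be safer.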
@@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
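Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch overwrites the `CMSRequest.ERROR` status that the IOException handler has just set, so a failed template render is reported as success. The try block already sets SUCCESS right after `form.renderOutput(out, argSet)`, so the trailing call can be dropped. Alternatively the catch can end with `return;`, as the earlier error paths in process() do. process() starts outside this hunk.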
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index 44d0c509..a717aa71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor;
import com.netscape.cms.servlet.processors.PKCS10Processor;
import com.netscape.cms.servlet.processors.PKIProcessor;
-
/**
* Submit a Certificate Enrollment request
- *
+ *
* @version $Revision$, $Date$
*/
public class EnrollServlet extends CMSServlet {
@@ -90,8 +88,7 @@ public class EnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
// http params
public static final String OLD_CERT_TYPE = "csrCertType";
@@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet {
private String auditServiceID = ILogger.UNIDENTIFIED;
private final static String ADMIN_CA_ENROLLMENT_SERVLET =
- "caadminEnroll";
+ "caadminEnroll";
private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
- "cabulkissuance";
+ "cabulkissuance";
private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
- "rabulkissuance";
+ "rabulkissuance";
private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
- "cacertbasedenrollment";
+ "cacertbasedenrollment";
private final static String EE_CA_ENROLLMENT_SERVLET =
- "caenrollment";
+ "caenrollment";
private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
- "racertbasedenrollment";
+ "racertbasedenrollment";
private final static String EE_RA_ENROLLMENT_SERVLET =
- "raenrollment";
+ "raenrollment";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated non-profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated non-profile cert request rejection: "
+ "unable to render OLD_CERT_TYPE response",
-
- /* 1 */ "automated non-profile cert request rejection: "
+
+ /* 1 */"automated non-profile cert request rejection: "
+ "unable to complete handleEnrollAuditLog() method",
-
- /* 2 */ "automated non-profile cert request rejection: "
+
+ /* 2 */"automated non-profile cert request rejection: "
+ "unable to render success template",
-
- /* 3 */ "automated non-profile cert request rejection: "
+
+ /* 3 */"automated non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+ "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
+
public EnrollServlet() {
super();
}
/**
- * initialize the servlet.<p>
- * the following parameters are read from the servlet config:
- * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages
- * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ * initialize the servlet.
+ * <p>
+ * the following parameters are read from the servlet config:
+ * <ul>
+ * <li>CMSServlet.PROP_ID - ID for signed audit log messages
+ * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet {
try {
IConfigStore configStore = CMS.getConfigStore();
- String PKI_Subsystem = configStore.getString( "subsystem.0.id",
- null );
+ String PKI_Subsystem = configStore.getString("subsystem.0.id",
+ null);
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -213,35 +209,35 @@ public class EnrollServlet extends CMSServlet {
// The "EnrollServlet.java" servlet is NOT used by
// the KRA.
//
- if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {
+ if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
String policyStatus = PKI_Subsystem.trim().toLowerCase()
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( configStore.getBoolean( policyStatus, true ) == true ) {
+ if (configStore.getBoolean(policyStatus, true) == true) {
// NOTE: If "<subsystem>.Policy.enable=<boolean>"
// is missing, then the referenced instance
// existed prior to this name=value pair
// existing in its 'CS.cfg' file, and thus
// we err on the side that the user may
// still need to use the policy framework.
- CMS.debug( "EnrollServlet::init Certificate "
+ CMS.debug("EnrollServlet::init Certificate "
+ "Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: <subsystem>.Policy.enable=false
- CMS.debug( "EnrollServlet::init Certificate "
+ CMS.debug("EnrollServlet::init Certificate "
+ "Policy Framework (deprecated) "
- + "is DISABLED" );
+ + "is DISABLED");
return;
}
}
- } catch( EBaseException e ) {
- throw new ServletException( "EnrollServlet::init - "
+ } catch (EBaseException e) {
+ throw new ServletException("EnrollServlet::init - "
+ "EBaseException: "
+ "Unable to initialize "
+ "Certificate Policy Framework "
- + "(deprecated)" );
+ + "(deprecated)");
}
// override success template to allow direct import of keygen certs.
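Review bot: `PKI_Subsystem.trim()` in `if (PKI_Subsystem.trim().equalsIgnoreCase("ca"))` dereferences a value that the previous hunk reads with `configStore.getString("subsystem.0.id", null)`. A missing `subsystem.0.id` entry therefore presumably yields a NullPointerException in init() instead of a ServletException. A guard like `if (PKI_Subsystem != null && PKI_Subsystem.trim().equalsIgnoreCase("ca")) {` avoids that. The rethrow in the catch block also drops the caught EBaseException; passing `e` as the second constructor argument of `ServletException` would keep the underlying configuration error in the trace.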
@@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet {
if (id != null) {
if (!(auditServiceID.equals(
ADMIN_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_CA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_ENROLLMENT_SERVLET))) {
+ && !(auditServiceID.equals(
+ AGENT_CA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ AGENT_RA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_CA_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_RA_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
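Review bot: The whitelist test inside `if (id != null)` compares `auditServiceID` against the known servlet IDs, but the else branch then assigns `id.trim()`, so the value that ends up in signed audit messages is not the one that was checked. If `auditServiceID` still holds its initial `ILogger.UNIDENTIFIED` at this point (any earlier assignment is outside the hunk), the condition is always true and the configured ID is never used. If it was assigned from `id`, the comparison runs on the untrimmed value. Comparing a single `String trimmedId = id.trim();` against the constants and assigning that same variable would make the check and the assignment agree.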
@@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet {
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -292,9 +288,9 @@ public class EnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
- e.toString(), mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
+ e.toString(), mId));
}
} catch (ServletException eAudit1) {
// rethrow caught exception
@@ -302,46 +298,43 @@ public class EnrollServlet extends CMSServlet {
}
}
-
- /**
- * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
- * Getter method to see if Proof of Posession checking is enabled.
- * this value is set in the CMS.cfg filem with the parameter
- * "enrollment.enforcePop". It defaults to false
- * @return true if user is required to Prove that they possess the
- * private key corresponding to the public key in the certificate
- * request they are submitting
- */
+ /**
+ * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
+ * Getter method to see if Proof of Posession checking is enabled.
+ * this value is set in the CMS.cfg filem with the parameter
+ * "enrollment.enforcePop". It defaults to false
+ *
+ * @return true if user is required to Prove that they possess the
+ * private key corresponding to the public key in the certificate
+ * request they are submitting
+ */
public boolean getEnforcePop() {
return enforcePop;
}
/**
- * Process the HTTP request.
- * <UL><LI>If the request is coming through the admin port, it is only
- * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
- * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is
- * renamed with more information about the current request ID
- * <LI>The request is preprocessed, then processed further in one
- * of the cert request processor classes: KeyGenProcessor, PKCS10Processor,
- * CMCProcessor, CRMFProcessor
- * </UL>
- *
+ * Process the HTTP request.
+ * <UL>
+ * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
+ * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about the current request ID
+ * <LI>The request is preprocessed, then processed further in one of the cert request processor classes: KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
+ * </UL>
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
// SPECIAL CASE:
// if it is adminEnroll servlet,check if it's enabled
if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
- !CMSGateway.getEnableAdminEnroll()) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
+ !CMSGateway.getEnableAdminEnroll()) {
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
+ CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
}
- processX509(cmsReq);
+ processX509(cmsReq);
}
private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
@@ -359,7 +352,7 @@ public class EnrollServlet extends CMSServlet {
boolean certAuthEnroll = false;
String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ httpParams.getValueAsString("certauthEnroll", null);
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
certAuthEnroll = true;
@@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet {
}
private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
- throws EBaseException {
+ throws EBaseException {
String certauthEnrollType = null;
@@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: certauthEnrollType is single");
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
-
+
return certauthEnrollType;
-
+
}
private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
- throws EBaseException {
+ throws EBaseException {
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
return true;
}
-
+
private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert,
- ICertificateAuthority mCa, String certBasedOldSubjectDN,
- BigInteger certBasedOldSerialNum)
- throws EBaseException {
-
+ ICertificateAuthority mCa, String certBasedOldSubjectDN,
+ BigInteger certBasedOldSerialNum)
+ throws EBaseException {
+
CMS.debug("EnrollServlet: In handleCertAuthDual!");
-
+
if (mCa == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ CMS.getLogMessage("CMSGW_NOT_A_CA"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
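Review bot: The log message key `"MSGW_MISSING_CERTAUTH_ENROLL_TYPE"` in the missing-enroll-type branch of getCertAuthEnrollType looks like a typo for `"CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"`. The other keys passed to `CMS.getLogMessage` in these hunks start with `CMSGW_` or `ADMIN_`. If the key is not defined in the message bundle, this failure is logged without its intended text. It is worth confirming against the log-message properties file, which is not part of this diff section.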
@@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+ "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+ (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
int size = list.getSize();
Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
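Review bot: The search filter passed to `findCertRecordsInList` is built by concatenating `certBasedOldSubjectDN` and `certBasedOldSerialNum` into the string, and the subject DN is not escaped. The filter uses LDAP-style syntax, so a DN containing `(`, `)`, `*` or `\` would change the filter's structure instead of being matched literally. Where the DN originates is outside this hunk, though in this flow it presumably comes from the presented client certificate. The DN should have filter metacharacters escaped per RFC 4515 before it is appended, with a comment such as `// subject DN is filter-escaped (RFC 4515) before concatenation` at the call site. handleCertAuthDual starts and ends outside the hunk.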
@@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
boolean encCertFound = false;
@@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet {
// if not encryption cert only, try next one
if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
+ ((CMS.isEncryptionCert(cert) == true) &&
(CMS.isSigningCert(cert) == true))) {
CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
@@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet {
try {
encCertInfo = (X509CertInfo)
cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
}
try {
encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
@@ -545,13 +538,13 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
return cInfoArray;
- }
+ }
}
private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
- X509CertInfo certInfo, long startTime)
- throws EBaseException {
+ X509CertInfo certInfo, long startTime)
+ throws EBaseException {
//for audit log
String initiative = null;
@@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet {
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
@@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet {
wholeMsg.append(msgs.nextElement());
}
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " +
+ wholeMsg.toString() }
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
}
} else { // other imcomplete status
long endTime = CMS.getCurrentDate().getTime();
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" }
+ );
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
return false;
}
@@ -643,7 +636,7 @@ public class EnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -657,26 +650,26 @@ public class EnrollServlet extends CMSServlet {
// audit log the error
try {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ certInfo.get(X509CertInfo.SUBJECT), ""
}
- );
+ );
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
}
@@ -693,29 +686,23 @@ public class EnrollServlet extends CMSServlet {
/**
* Process X509 certificate enrollment request
* <P>
- *
- * (Certificate Request - either an "admin" cert request for an admin
- * certificate, an "agent" cert request for "bulk enrollment", or
- * an "EE" standard cert request)
+ *
+ * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)
* <P>
- *
- * (Certificate Request Processed - either an automated "admin" non-profile
- * based CA admin cert acceptance, an automated "admin" non-profile based
- * CA admin cert rejection, an automated "EE" non-profile based cert
- * acceptance, or an automated "EE" non-profile based cert rejection)
+ *
+ * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @exception EBaseException an error has occurred
*/
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -733,7 +720,7 @@ public class EnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
- /* XXX shouldn't we read this from ServletConfig at init time? */
+ /* XXX shouldn't we read this from ServletConfig at init time? */
enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
CMS.debug("EnrollServlet: enforcePop " + enforcePop);
@@ -743,7 +730,7 @@ public class EnrollServlet extends CMSServlet {
startTime = CMS.getCurrentDate().getTime();
httpParams = cmsReq.getHttpParams();
httpReq = cmsReq.getHttpReq();
- if (mAuthMgr != null) {
+ if (mAuthMgr != null) {
authToken = authenticate(cmsReq);
}
@@ -752,10 +739,10 @@ public class EnrollServlet extends CMSServlet {
mAuthzResourceName, "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -791,14 +778,14 @@ public class EnrollServlet extends CMSServlet {
}
try {
- if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
- String currentName = Thread.currentThread().getName();
+ if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
+ String currentName = Thread.currentThread().getName();
Thread.currentThread().setName(currentName
- + "-request-"
- + req.getRequestId().toString()
- + "-"
- + (new Date()).getTime());
+ + "-request-"
+ + req.getRequestId().toString()
+ + "-"
+ + (new Date()).getTime());
}
} catch (Exception e) {
}
@@ -844,7 +831,7 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-
+
String challengePassword = httpParams.getValueAsString(
"challengePassword", "");
@@ -865,7 +852,7 @@ public class EnrollServlet extends CMSServlet {
sslClientCert = getSSLClientCertificate(httpReq);
if (sslClientCert == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -882,7 +869,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
certBasedOldSubjectDN = (String)
@@ -904,10 +891,10 @@ public class EnrollServlet extends CMSServlet {
try {
certInfo = (X509CertInfo)
((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -924,14 +911,14 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
CMS.debug("EnrollServlet: No CertAuthEnroll.");
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
X509CertInfo authCertInfo = null;
String authMgr = AuditFormat.NOAUTH;
@@ -943,12 +930,12 @@ public class EnrollServlet extends CMSServlet {
// don't store agent token in request.
// agent currently used for bulk issuance.
// if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO,
+ "Enrollment request was authenticated by " +
+ authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
PKIProcessor.fillCertInfoFromAuthToken(certInfo,
- authToken);
+ authToken);
// save authtoken attrs to request directly
// (for policy use)
saveAuthToken(authToken, req);
@@ -964,8 +951,8 @@ public class EnrollServlet extends CMSServlet {
// "from ssl client cert");
if (authToken == null) {
// authToken is null, can't match to anyone; bail!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -1039,24 +1026,23 @@ public class EnrollServlet extends CMSServlet {
ex.printStackTrace();
}
}
-
+
String cmc = null;
String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-
- if(asciiBASE64Blob!=null)
- {
- int startIndex = asciiBASE64Blob.indexOf(HEADER);
- int endIndex = asciiBASE64Blob.indexOf(TRAILER);
- if (startIndex!= -1 && endIndex!=-1) {
- startIndex = startIndex + HEADER.length();
- cmc=asciiBASE64Blob.substring(startIndex, endIndex);
- }else
- cmc = asciiBASE64Blob;
- CMS.debug("EnrollServlet: cmc " + cmc);
+
+ if (asciiBASE64Blob != null) {
+ int startIndex = asciiBASE64Blob.indexOf(HEADER);
+ int endIndex = asciiBASE64Blob.indexOf(TRAILER);
+ if (startIndex != -1 && endIndex != -1) {
+ startIndex = startIndex + HEADER.length();
+ cmc = asciiBASE64Blob.substring(startIndex, endIndex);
+ } else
+ cmc = asciiBASE64Blob;
+ CMS.debug("EnrollServlet: cmc " + cmc);
}
-
+
String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-
+
CMS.debug("EnrollServlet: crmf " + crmf);
if (certAuthEnroll == true) {
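Review bot: `asciiBASE64Blob.substring(startIndex, endIndex)` throws `StringIndexOutOfBoundsException` when the submitted value has TRAILER before the end of HEADER, because the guard only checks that both markers were found, not their order. The condition should also require the order, `if (startIndex != -1 && endIndex >= startIndex + HEADER.length()) {`, so a malformed blob takes the existing else branch instead. The `CMS.debug("EnrollServlet: cmc " + cmc)` and `CMS.debug("EnrollServlet: crmf " + crmf)` lines also copy the whole request parameter into the debug log; logging its length would be enough for tracing. The brace-less `else` before `cmc = asciiBASE64Blob;` is easy to misread next to the debug call and would be clearer braced. The enclosing method starts and ends outside this hunk.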
@@ -1066,7 +1052,7 @@ public class EnrollServlet extends CMSServlet {
// for dual certs
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
- CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
+ CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
boolean gotEncCert = false;
X509CertInfo[] cInfoArray = null;
@@ -1103,8 +1089,8 @@ public class EnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage(
+ "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1121,7 +1107,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
@@ -1158,12 +1144,12 @@ public class EnrollServlet extends CMSServlet {
this);
keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
} else if (crmf != null && crmf != "") {
CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
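Review bot: `crmf != ""` in the `else if` at the end of this hunk compares object references, not contents, so an empty `crmf` request parameter will normally pass the test and reach `CRMFProcessor`. The check should be `} else if (crmf != null && !crmf.equals("")) {`, matching the `!challengePassword.equals("")` form used further down in this file. The same pattern appears as `cmc != ""` in the CERT_AUTH_SINGLE hunk and as `group != ""` in the GetBySerial.java hunk. The enclosing method starts and ends outside this hunk.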
@@ -1173,13 +1159,13 @@ public class EnrollServlet extends CMSServlet {
req);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1196,7 +1182,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
@@ -1208,13 +1194,13 @@ public class EnrollServlet extends CMSServlet {
this);
keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
} else if (pkcs10 != null) {
PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
this);
pkcs10Proc.fillCertInfo(pkcs10, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
} else if (cmc != null && cmc != "") {
CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
@@ -1230,9 +1216,9 @@ public class EnrollServlet extends CMSServlet {
httpParams,
req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1249,10 +1235,10 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
}
} else if (keyGenInfo != null) {
@@ -1279,9 +1265,9 @@ public class EnrollServlet extends CMSServlet {
certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -1300,28 +1286,26 @@ public class EnrollServlet extends CMSServlet {
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
-
// if ca, fill in default signing alg here
-
+
try {
- ICertificateAuthority caSub =
- (ICertificateAuthority) CMS.getSubsystem("ca");
- if (certInfoArray != null && caSub != null) {
- for (int ix = 0; ix < certInfoArray.length; ix++) {
- X509CertInfo ci = (X509CertInfo)certInfoArray[ix];
- String defaultSig = caSub.getDefaultAlgorithm();
- AlgorithmId algid = AlgorithmId.get(defaultSig);
- ci.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ ICertificateAuthority caSub =
+ (ICertificateAuthority) CMS.getSubsystem("ca");
+ if (certInfoArray != null && caSub != null) {
+ for (int ix = 0; ix < certInfoArray.length; ix++) {
+ X509CertInfo ci = (X509CertInfo) certInfoArray[ix];
+ String defaultSig = caSub.getDefaultAlgorithm();
+ AlgorithmId algid = AlgorithmId.get(defaultSig);
+ ci.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
+ }
}
- }
} catch (Exception e) {
- CMS.debug("Failed to set signing alg to certinfo " + e.toString());
+ CMS.debug("Failed to set signing alg to certinfo " + e.toString());
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
-
if (challengePassword != null && !challengePassword.equals("")) {
String pwd = hashPassword(challengePassword);
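Review bot: The `catch (Exception e)` around the default signing algorithm only calls `CMS.debug`, and `req.setExtData(IRequest.CERT_INFO, certInfoArray)` runs regardless, so a failure in `caSub.getDefaultAlgorithm()` or `AlgorithmId.get(defaultSig)` leaves the request without the CA default and nothing in the system log. If continuing is intended, say so in a comment and record it with `log(ILogger.LL_FAILURE, "Failed to set signing alg to certinfo " + e.toString());`. `defaultSig` and `algid` do not depend on `ix` and can be computed once before the loop. The enclosing method starts and ends outside this hunk.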
@@ -1379,7 +1363,7 @@ public class EnrollServlet extends CMSServlet {
issuedCerts =
cmsReq.getIRequest().getExtDataInCertArray(
- IRequest.ISSUED_CERTS);
+ IRequest.ISSUED_CERTS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed
@@ -1449,27 +1433,27 @@ public class EnrollServlet extends CMSServlet {
// audit log the success.
long endTime = CMS.getCurrentDate().getTime();
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[]
- { req.getRequestId(),
- initiative,
- mAuthMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16) +
- " time: " +
- (endTime - startTime) }
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[]
+ { req.getRequestId(),
+ initiative,
+ mAuthMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[0].getSerialNumber().toString(16) +
+ " time: " +
+ (endTime - startTime) }
+ );
// handle initial admin enrollment if in adminEnroll mode.
checkAdminEnroll(cmsReq, issuedCerts);
// return cert as mime type binary if requested.
if (checkImportCertToNav(cmsReq.getHttpResp(),
- httpParams, issuedCerts[0])) {
+ httpParams, issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
@@ -1490,10 +1474,10 @@ public class EnrollServlet extends CMSServlet {
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate,
+ mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed - "accepted")
@@ -1508,10 +1492,10 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
- mEnrollSuccessFiller.toString(),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
+ mEnrollSuccessFiller.toString(),
+ e.toString()));
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
@@ -1525,7 +1509,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
@@ -1548,10 +1532,10 @@ public class EnrollServlet extends CMSServlet {
/**
* check if this is first enroll from admin enroll.
- * If so disable admin enroll from here on.
+ * If so disable admin enroll from here on.
*/
protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ throws EBaseException {
// this is special case, get the admin certificate
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
addAdminAgent(cmsReq, issuedCerts);
@@ -1559,8 +1543,8 @@ public class EnrollServlet extends CMSServlet {
}
}
- protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
+ throws EBaseException {
String userid = cmsReq.getHttpParams().getValueAsString("uid");
IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
@@ -1571,13 +1555,13 @@ public class EnrollServlet extends CMSServlet {
ug.addUserCert(adminuser);
} catch (netscape.ldap.LDAPException e) {
CMS.debug(
- "EnrollServlet: Cannot add admin's certificate to its entry in the " +
- "user group database. Error " + e);
+ "EnrollServlet: Cannot add admin's certificate to its entry in the " +
+ "user group database. Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
}
- IGroup agentGroup =
- ug.getGroupFromName(CA_AGENT_GROUP);
+ IGroup agentGroup =
+ ug.getGroupFromName(CA_AGENT_GROUP);
if (agentGroup != null) {
// add user to the group if necessary
@@ -1585,15 +1569,15 @@ public class EnrollServlet extends CMSServlet {
agentGroup.addMemberName(userid);
ug.modifyGroup(agentGroup);
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {userid, userid, CA_AGENT_GROUP}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { userid, userid, CA_AGENT_GROUP }
+ );
}
} else {
String msg = "Cannot add admin to the " +
- CA_AGENT_GROUP +
- " group: Group does not exist.";
+ CA_AGENT_GROUP +
+ " group: Group does not exist.";
CMS.debug("EnrollServlet: " + msg);
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
@@ -1635,19 +1619,19 @@ public class EnrollServlet extends CMSServlet {
out.println("<P>");
out.println("<PRE>");
X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
+ CMS.getEncodedCert(certs[0]) + ">");
} else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
@@ -1664,11 +1648,11 @@ public class EnrollServlet extends CMSServlet {
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
@@ -1683,21 +1667,21 @@ public class EnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" +
+ cmsReq.getError() + ">");
}
/**
- // include all the input data
- ArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data
+ * ArgBlock args = cmsReq.getHttpParams();
+ * Enumeration ele = args.getElements();
+ * while (ele.hasMoreElements()) {
+ * String eleT = (String)ele.nextElement();
+ * out.println("<!HTTP_INPUT " + eleT + "=" +
+ * args.get(eleT) + ">");
+ * }
**/
out.println("</HTML>");
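Review bot: `out.println(cmsReq.getError())` and `"<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"` write the error text into the HTML response without encoding. What `getError()` can contain is not visible in this hunk; if the message ever includes request-derived values (several `CMS.getUserMessage` calls in this file take parameters), that text becomes markup in the client's page. The value should pass through the project's HTML-escaping helper before both `println` calls. The re-indented block under `/** ... **/` is disabled code that would echo every request parameter into the page, and it now reads as Javadoc; a plain `/* ... */` comment stating that it is intentionally disabled, or removal, would be clearer. The enclosing method starts and ends outside this hunk.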
@@ -1712,18 +1696,18 @@ public class EnrollServlet extends CMSServlet {
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config)
+ throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
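Review bot: `config.getBoolean("isTestBed", true)` in `init_testbed_hack` turns the test-bed flag on whenever the key is missing from the configuration. What `mIsTestBed` relaxes is not visible in this hunk, but a test-only switch normally defaults to off so that a production instance with an incomplete config does not inherit test behaviour; confirm against its uses and consider `mIsTestBed = config.getBoolean("isTestBed", false);`. A one-line comment on the field stating what the flag controls would also help.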
@@ -1776,4 +1760,3 @@ public class EnrollServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index a723cb52..fca81ff4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* Retrieve certificate by serial number.
*
@@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet {
super();
}
- /**
+ /**
* Initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to import the cert to the users browser,
- * if that is what the user requested
+ * "ImportCert.template" to import the cert to the users browser,
+ * if that is what the user requested
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber serial number of certificate in HEX
+ * <li>http.param serialNumber serial number of certificate in HEX
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet {
mAuthzResourceName, "import");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet {
serialNo = null;
}
if (serial == null || serialNo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+ CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
cmsReq.setError(new ECMSGWException(
CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet {
// if RA, needs requestOwner to match
// first, find the user's group
if (authToken != null) {
- String group = authToken.getInString("group");
-
- if ((group != null) && (group != "")) {
- CMS.debug("GetBySerial process: auth group="+group);
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- // find the cert record's orig. requestor's group
- MetaInfo metai = certRecord.getMetaInfo();
- if (metai != null) {
- String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
- RequestId rid = new RequestId(reqId);
- IRequest creq = mReqQ.findRequest(rid);
- if (creq != null) {
- String reqOwner = creq.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetBySerial process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
+ String group = authToken.getInString("group");
+
+ if ((group != null) && (group != "")) {
+ CMS.debug("GetBySerial process: auth group=" + group);
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ // find the cert record's orig. requestor's group
+ MetaInfo metai = certRecord.getMetaInfo();
+ if (metai != null) {
+ String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
+ RequestId rid = new RequestId(reqId);
+ IRequest creq = mReqQ.findRequest(rid);
+ if (creq != null) {
+ String reqOwner = creq.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetBySerial process: req owner=" + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ }
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+ cmsReq.setStatus(CMSRequest.ERROR);
+ return;
+ }
}
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
- cmsReq.setStatus(CMSRequest.ERROR);
- return;
- }
}
- }
}
X509CertImpl cert = certRecord.getCertificate();
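Review bot: When `groupMatched == false` the servlet logs `CMSGW_CERT_SERIAL_NOT_FOUND_1`, the same message used earlier when the record really is missing, so an operator cannot tell a denied cross-group lookup from a bad serial number. Returning "not found" to the client is reasonable, but the server-side log should record the denial, for example `log(ILogger.LL_FAILURE, "GetBySerial: request owner does not match agent group for serial 0x" + serialNo.toString(16));`. Separately, `reqId` is passed to `new RequestId(reqId)` without a null check; how `RequestId` and `mReqQ.findRequest` treat a record without `META_REQUEST_ID` is not visible here, so wrapping the lookup in `if (reqId != null)` would keep that case on the same deny path. `process` starts and ends outside this hunk.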
@@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet {
IArgBlock ctx = CMS.createArgBlock();
Locale[] locale = new Locale[1];
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet {
userChain[0] = cert;
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
@@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet {
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
-
+
header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
try {
CMSTemplate form = getTemplate(mIETemplate, req, locale);
@@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet {
form.renderOutput(out, argSet);
return;
} catch (Exception ee) {
- CMS.debug("GetBySerial process: Exception="+ee.toString());
+ CMS.debug("GetBySerial process: Exception=" + ee.toString());
}
} //browser is IE
-
+
MetaInfo metai = certRecord.getMetaInfo();
String crmfReqId = null;
if (metai != null) {
crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
- if (crmfReqId != null)
+ if (crmfReqId != null)
cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
}
@@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet {
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
+
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index b765a2cb..ae759949 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -15,10 +15,9 @@
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
- package com.netscape.cms.servlet.cert;
+package com.netscape.cms.servlet.cert;
-
- import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
- /**
- * Retrieve the Certificates comprising the CA Chain for this CA.
- *
- * @version $Revision$, $Date$
- */
- public class GetCAChain extends CMSServlet {
- /**
+/**
+ * Retrieve the Certificates comprising the CA Chain for this CA.
+ *
+ * @version $Revision$, $Date$
+ */
+public class GetCAChain extends CMSServlet {
+ /**
*
*/
- private static final long serialVersionUID = -8189048155415074581L;
- private final static String TPL_FILE = "displayCaCert.template";
- private String mFormPath = null;
-
- public GetCAChain() {
- super();
- }
-
- /**
- * initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
-
- // override success to display own output.
- mTemplates.remove(CMSRequest.SUCCESS);
- // coming from ee
- mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- }
-
- /**
- * Process the HTTP request.
- * <ul>
- * <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
- * </ul>
- * @param cmsReq the object holding the request and response information
- */
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
- HttpServletRequest httpReq = cmsReq.getHttpReq();
- HttpServletResponse httpResp = cmsReq.getHttpResp();
-
- IAuthToken authToken = authenticate(cmsReq);
-
- // Construct an ArgBlock
- IArgBlock args = cmsReq.getHttpParams();
-
- // Get the operation code
- String op = null;
-
- op = args.getValueAsString("op", null);
- if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
- }
-
- cmsReq.setStatus(CMSRequest.SUCCESS);
-
- AuthzToken authzToken = null;
-
- if (op.startsWith("download")) {
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "download");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- downloadChain(op, args, httpReq, httpResp, cmsReq);
- } else if (op.startsWith("display")) {
- try {
- authzToken = mAuthz.authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- displayChain(op, args, httpReq, httpResp, cmsReq);
- } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
- }
- // cmsReq.setResult(null);
- return;
- }
-
- private void downloadChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
-
- /* check browser info ? */
-
- /* check if pkcs7 will work for both nav and ie */
-
- byte[] bytes = null;
-
- /*
- * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
- * This means that we can only hand out the root CA, and not
- * the whole chain.
- */
-
- if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
- X509Certificate[] caCerts =
- ((ICertAuthority) mAuthority).getCACertChain().getChain();
-
- try {
- bytes = caCerts[0].getEncoded();
- } catch (CertificateEncodingException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
- }
- } else {
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
- }
-
- try {
- ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
- certChain.encode(encoded, false);
- bytes = encoded.toByteArray();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
- }
- }
-
- String mimeType = null;
-
- if (op.equals("downloadBIN")) {
- mimeType = "application/octet-stream";
- } else {
- try {
- mimeType = args.getValueAsString("mimeType");
- } catch (EBaseException e) {
- mimeType = "application/octet-stream";
- }
- }
-
- try {
- if (op.equals("downloadBIN")) {
- // file suffixes changed to comply with RFC 5280
- // requirements for AIA extensions
- if (clientIsMSIE(httpReq)) {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.cer");
- } else {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.p7c");
- }
- }
- httpResp.setContentType(mimeType);
- httpResp.getOutputStream().write(bytes);
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().flush();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
- }
- }
-
- private void displayChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
- String outputString = null;
-
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
- }
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- if (mOutputTemplatePath != null)
- mFormPath = mOutputTemplatePath;
+ private static final long serialVersionUID = -8189048155415074581L;
+ private final static String TPL_FILE = "displayCaCert.template";
+ private String mFormPath = null;
+
+ public GetCAChain() {
+ super();
+ }
+
+ /**
+ * initialize the servlet.
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
+ public void init(ServletConfig sc) throws ServletException {
+ super.init(sc);
+
+ // override success to display own output.
+ mTemplates.remove(CMSRequest.SUCCESS);
+ // coming from ee
+ mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+ }
+
+ /**
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param op 'downloadBIN' - return the binary certificate chain
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
+ */
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
+ HttpServletRequest httpReq = cmsReq.getHttpReq();
+ HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+ IAuthToken authToken = authenticate(cmsReq);
+
+ // Construct an ArgBlock
+ IArgBlock args = cmsReq.getHttpParams();
+
+ // Get the operation code
+ String op = null;
+
+ op = args.getValueAsString("op", null);
+ if (op == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
+ }
+
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+
+ AuthzToken authzToken = null;
+
+ if (op.startsWith("download")) {
+ try {
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "download");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ downloadChain(op, args, httpReq, httpResp, cmsReq);
+ } else if (op.startsWith("display")) {
+ try {
+ authzToken = mAuthz.authorize(mAclMethod, authToken,
+ mAuthzResourceName, "read");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ displayChain(op, args, httpReq, httpResp, cmsReq);
+ } else {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ }
+ // cmsReq.setResult(null);
+ return;
+ }
+
+ private void downloadChain(String op,
+ IArgBlock args,
+ HttpServletRequest httpReq,
+ HttpServletResponse httpResp,
+ CMSRequest cmsReq)
+ throws EBaseException {
+
+ /* check browser info ? */
+
+ /* check if pkcs7 will work for both nav and ie */
+
+ byte[] bytes = null;
+
+ /*
+ * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
+ * This means that we can only hand out the root CA, and not
+ * the whole chain.
+ */
+
+ if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
+ X509Certificate[] caCerts =
+ ((ICertAuthority) mAuthority).getCACertChain().getChain();
+
+ try {
+ bytes = caCerts[0].getEncoded();
+ } catch (CertificateEncodingException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
+ }
+ } else {
+ CertificateChain certChain =
+ ((ICertAuthority) mAuthority).getCACertChain();
+
+ if (certChain == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
+ }
+
+ try {
+ ByteArrayOutputStream encoded = new ByteArrayOutputStream();
+
+ certChain.encode(encoded, false);
+ bytes = encoded.toByteArray();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ }
+ }
+
+ String mimeType = null;
+
+ if (op.equals("downloadBIN")) {
+ mimeType = "application/octet-stream";
+ } else {
+ try {
+ mimeType = args.getValueAsString("mimeType");
+ } catch (EBaseException e) {
+ mimeType = "application/octet-stream";
+ }
+ }
+
+ try {
+ if (op.equals("downloadBIN")) {
+ // file suffixes changed to comply with RFC 5280
+ // requirements for AIA extensions
+ if (clientIsMSIE(httpReq)) {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.cer");
+ } else {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.p7c");
+ }
+ }
+ httpResp.setContentType(mimeType);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().flush();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ }
+ }
+
+ private void displayChain(String op,
+ IArgBlock args,
+ HttpServletRequest httpReq,
+ HttpServletResponse httpResp,
+ CMSRequest cmsReq)
+ throws EBaseException {
+ String outputString = null;
+
+ CertificateChain certChain =
+ ((ICertAuthority) mAuthority).getCACertChain();
+
+ if (certChain == null) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ if (mOutputTemplatePath != null)
+ mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
byte[] bytes = null;
try {
- subjectdn =
+ subjectdn =
certChain.getFirstCertificate().getSubjectDN().toString();
ByteArrayOutputStream encoded = new ByteArrayOutputStream();
@@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
String chainBase64 = getBase64(bytes);
header.addStringValue("subjectdn", subjectdn);
header.addStringValue("chainBase64", chainBase64);
- } else {
+ } else {
try {
X509Certificate[] certs = certChain.getChain();
@@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException;
String subjectdn = certs[i].getSubjectDN().toString();
String finger = null;
try {
- finger = CMS.getFingerPrints(certs[i]);
+ finger = CMS.getFingerPrints(certs[i]);
} catch (Exception e) {
throw new IOException("Internal Error");
}
- ICertPrettyPrint certDetails =
- CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
+ ICertPrettyPrint certDetails =
+ CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
IArgBlock rarg = CMS.createArgBlock();
@@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
rarg.addStringValue("subjectdn", subjectdn);
rarg.addStringValue("base64", getBase64(bytes));
rarg.addStringValue("certDetails",
- certDetails.toString(locale[0]));
+ certDetails.toString(locale[0]));
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
}
}
@@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException;
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 2bbec482..21a0c1d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve CRL for a Certificate Authority
- *
+ *
* @version $Revision$, $Date$
*/
public class GetCRL extends CMSServlet {
@@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet {
mFormPath = mOutputTemplatePath;
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
- * @see DisplayCRL#process
+ * @see DisplayCRL#process
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet {
if (!(mAuthority instanceof ICertificateAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet {
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
+ CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
+ CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
+ CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
ICRLIssuingPointRecord crlRecord = null;
ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
ICRLIssuingPoint crlIP = null;
- if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId);
+ if (ca != null)
+ crlIP = ca.getCRLIssuingPoint(crlId);
try {
crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
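Review bot: The null guard on `ca` that this hunk splits onto two lines protects only `getCRLIssuingPoint`; the very next statement calls `ca.getCRLRepository()` with no guard, so the check is either dead or incomplete. An earlier hunk returns when `mAuthority` is not an `ICertificateAuthority`, which suggests `ca` cannot be null here; if so, drop the guard and write `ICRLIssuingPoint crlIP = ca.getCRLIssuingPoint(crlId);`, otherwise brace it and cover the repository read too. The `catch (EBaseException e)` below also logs every repository failure as `CMSGW_NO_CRL_ISSUING_POINT_FOUND` without `e`, so a backend error cannot be told apart from an unknown `crlId` in the log. `process` starts and ends outside this hunk.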
@@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
if ((op.equals("checkCRLcache") ||
- (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
- (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
+ (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
+ (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
cmsReq.setError(
- CMS.getUserMessage(
- ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())?
- "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
+ CMS.getUserMessage(
+ ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ?
+ "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
byte[] crlbytes = null;
if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("deltaCRL"))) {
+ (op.equals("displayCRL") && crlDisplayType != null &&
+ crlDisplayType.equals("deltaCRL"))) {
crlbytes = crlRecord.getDeltaCRL();
} else if (op.equals("importCRL") || op.equals("getCRL") ||
op.equals("checkCRL") ||
(op.equals("displayCRL") &&
- crlDisplayType != null &&
+ crlDisplayType != null &&
(crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
+ crlDisplayType.equals("crlHeader") ||
crlDisplayType.equals("base64Encoded")))) {
crlbytes = crlRecord.getCRL();
- }
+ }
if (crlbytes == null && (!op.equals("checkCRLcache")) &&
- (!(op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("cachedCRL")))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ (!(op.equals("displayCRL") && crlDisplayType != null &&
+ crlDisplayType.equals("cachedCRL")))) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
X509CRLImpl crl = null;
if (op.equals("checkCRL") || op.equals("importCRL") ||
- op.equals("importDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- (crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
- crlDisplayType.equals("base64Encoded") ||
- crlDisplayType.equals("deltaCRL")))) {
+ op.equals("importDeltaCRL") ||
+ (op.equals("displayCRL") && crlDisplayType != null &&
+ (crlDisplayType.equals("entireCRL") ||
+ crlDisplayType.equals("crlHeader") ||
+ crlDisplayType.equals("base64Encoded") ||
+ crlDisplayType.equals("deltaCRL")))) {
try {
if (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("crlHeader")) {
+ crlDisplayType.equals("crlHeader")) {
crl = new X509CRLImpl(crlbytes, false);
} else {
crl = new X509CRLImpl(crlbytes);
@@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
+ CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
- crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
- ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
- (crlRecord.getCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
- crlRecord.getDeltaCRLSize() == null ||
+ crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
+ ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
+ (crlRecord.getCRLNumber() == null ||
+ crlRecord.getDeltaCRLNumber() == null ||
+ crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
+ crlRecord.getDeltaCRLSize() == null ||
crlRecord.getDeltaCRLSize().longValue() == -1))) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
- }
+ }
String mimeType = "application/x-pkcs7-crl";
@@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
if (op.equals("checkCRL")) {
header.addBooleanValue("isOnCRL",
- crl.isRevoked(new BigInteger(certSerialNumber)));
+ crl.isRevoked(new BigInteger(certSerialNumber)));
}
if (op.equals("displayCRL")) {
if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
- ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))?
- CMS.getCRLPrettyPrint(crl):
+ ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ?
+ CMS.getCRLPrettyPrint(crl) :
CMS.getCRLCachePrettyPrint(crlIP);
String pageStart = args.getValueAsString("pageStart", null);
String pageSize = args.getValueAsString("pageSize", null);
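Review bot: `new BigInteger(certSerialNumber)` in the `checkCRL` branch parses a value with no visible validation, and a non-numeric string raises an unchecked `NumberFormatException` instead of taking the servlet's usual `cmsReq.setError(...)` path; where `certSerialNumber` comes from is outside this hunk, but it looks like a request parameter. The same applies to `new Long(pageStart)` and `new Long(pageSize)` in the next hunk, where `lPageStart` is clamped to 1 but `lPageSize` has no lower or upper bound before it reaches `crlDetails.toString(...)`. I would parse with `Long.parseLong(...)` inside a `try`, map `NumberFormatException` to an `ECMSGWException`, and cap the page size, e.g. `lPageSize = Math.max(1, Math.min(lPageSize, MAX_PAGE_SIZE));` with `MAX_PAGE_SIZE` a new constant. Any guard on these values outside the visible lines would change this, so confirm against the full method.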
@@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
header.addStringValue("crlPrettyPrint",
crlDetails.toString(locale[0],
- lCRLSize, lPageStart, lPageSize));
+ lCRLSize, lPageStart, lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0]));
+ "crlPrettyPrint", crlDetails.toString(locale[0]));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
@@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
} else if (crlDisplayType.equals("deltaCRL")) {
header.addIntegerValue("deltaCRLSize",
- crl.getNumberOfRevokedCertificates());
+ crl.getNumberOfRevokedCertificates());
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
try {
byte[] ba = crl.getEncoded();
@@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
return;
@@ -428,15 +428,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} else if (op.equals("getCRL")) {
mimeType = "application/octet-stream";
httpResp.setHeader("Content-disposition",
- "attachment; filename=" + crlId + ".crl");
+ "attachment; filename=" + crlId + ".crl");
} else if (op.equals("getDeltaCRL")) {
mimeType = "application/octet-stream";
httpResp.setHeader("Content-disposition",
- "attachment; filename=delta-" + crlId + ".crl");
+ "attachment; filename=delta-" + crlId + ".crl");
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
}
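Review bot: `crlId` is concatenated unquoted into the `Content-disposition` header for both `getCRL` and `getDeltaCRL`. Earlier hunks suggest it has already matched a CRL issuing point record by this point, which limits what it can contain, but the header line relies on that lookup rather than on any check of its own. I would either restrict `crlId` to a conservative pattern before use, or strip CR, LF and double quotes and quote the value: `"attachment; filename=\"" + safeCrlId + ".crl\""`, where `safeCrlId` is the sanitised value. The enclosing method starts outside this hunk.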
try {
@@ -450,7 +450,7 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
}
// cmsReq.setResult(null);
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..4d1fe7b9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Gets a issued certificate from a request id.
- *
+ * Gets a issued certificate from a request id.
+ *
* @version $Revision$, $Date$
*/
public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
*/
private static final long serialVersionUID = 5310646832256611066L;
private final static String PROP_IMPORT = "importCert";
- protected static final String
- GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
- protected static final String
- DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+ protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+ protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
protected static final String REQUEST_ID = "requestId";
protected static final String CERT_TYPE = "certtype";
- protected String mCertFrReqSuccessTemplate = null;
+ protected String mCertFrReqSuccessTemplate = null;
protected ICMSTemplateFiller mCertFrReqFiller = null;
protected IRequestQueue mQueue = null;
protected boolean mImportCert = true;
- public GetCertFromRequest() {
+ public GetCertFromRequest() {
super();
}
/**
* initialize the servlet. This servlet uses the template files
- * "displayCertFromRequest.template" and "ImportCert.template"
+ * "displayCertFromRequest.template" and "ImportCert.template"
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet {
if (mImportCert)
defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
- else
+ else
defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
if (mAuthority instanceof IRegistrationAuthority)
defTemplate = "/ra/" + defTemplate;
- else
+ else
defTemplate = "/ca/" + defTemplate;
mCertFrReqSuccessTemplate = sc.getInitParameter(
PROP_SUCCESS_TEMPLATE);
if (mCertFrReqSuccessTemplate == null)
mCertFrReqSuccessTemplate = defTemplate;
String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mCertFrReqFiller = filler;
} else {
mCertFrReqFiller = new CertFrRequestFiller();
@@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet {
} catch (Exception e) {
// should never happen.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
}
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param requestId The request ID to search on
+ * <li>http.param requestId The request ID to search on
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet {
return;
}
- String requestId = httpParams.getValueAsString(REQUEST_ID, null);
+ String requestId = httpParams.getValueAsString(REQUEST_ID, null);
if (requestId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
@@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet {
if (r == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- //if RA, group and requestOwner must match
- String group = authToken.getInString("group");
- if ((group != null) && (group != "") &&
- group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String reqOwner = r.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- CMS.debug("RA group unmatched");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ //if RA, group and requestOwner must match
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "") &&
+ group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String reqOwner = r.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetCertFromRequest process: req owner=" + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ CMS.debug("RA group unmatched");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ }
}
- }
}
if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
}
RequestStatus status = r.getRequestStatus();
if (!status.equals(RequestStatus.COMPLETE)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
}
Integer result = r.getExtDataInInteger(IRequest.RESULT);
if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
}
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
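Review bot: In the re-indented owner check, `group != ""` compares object references, not contents, so it does not test for an empty string; it is also redundant next to `group.equals("Registration Manager Agents")`. `"Registration Manager Agents".equals(group)` expresses the whole condition and is null-safe. The request-owner match also runs only for that one group and only when `authToken` is non-null, so every other caller relies entirely on the ACL check made earlier in `process` (outside this hunk); a comment such as `// owner match is enforced for RA agents only; all other callers are gated by the "read" ACL above` would make that explicit. Returning `CMS_GW_REQUEST_ID_NOT_FOUND` on a mismatch keeps the response identical to that for a missing request, which is worth keeping.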
@@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet {
o = certs;
}
if (o == null || !(o instanceof X509CertImpl[])) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
if (o instanceof X509CertImpl[]) {
X509CertImpl[] certs = (X509CertImpl[]) o;
if (certs == null || certs.length == 0 || certs[0] == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
// for importsCert to get the crmf_reqid.
@@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
if (mImportCert &&
- checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+ checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
return;
}
try {
@@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet {
renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
- mCertFrReqSuccessTemplate, e.toString()));
+ CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ mCertFrReqSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
}
-
class CertFrRequestFiller extends ImportCertsTemplateFiller {
public CertFrRequestFiller() {
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
- CMSTemplateParams tparams =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
+ CMSTemplateParams tparams =
+ super.getTemplateParams(cmsReq, authority, locale, e);
String reqId = cmsReq.getHttpParams().getValueAsString(
GetCertFromRequest.REQUEST_ID);
@@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
}
if (ext instanceof KeyUsageExtension) {
KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ (KeyUsageExtension) ext;
try {
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e0) {
// bug356108:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
index 8b5536ea..e589cc06 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Servlet to get the enrollment status, enable or disable.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetEnableStatus extends CMSServlet {
@@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * initialize the servlet.
+ * initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
- mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+ mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
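Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` on the last line of this hunk overwrites the `CMSRequest.ERROR` status that the `catch (IOException e)` branch just set, so a failed template render is reported as success. The try block already sets SUCCESS after `form.renderOutput(out, argSet)`, so the trailing call can be dropped, or the catch can end with `return;` as the earlier error paths in this method do. The enclosing `process` method starts and ends outside the hunk, so confirm that nothing after this line relies on the status.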
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
index 9d83d430..7217435a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get detailed information about CA CRL processing
- *
+ *
* @version $Revision$, $Date$
*/
public class GetInfo extends CMSServlet {
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet {
}
/**
- * XXX Process the HTTP request.
+ * XXX Process the HTTP request.
* <ul>
* <li>http.param template filename of template to use to render the result
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -129,35 +128,34 @@ public class GetInfo extends CMSServlet {
String template = req.getParameter("template");
String formFile = "";
-/*
- for (int i = 0; ((template != null) && (i < template.length())); i++) {
- char c = template.charAt(i);
- if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
- template = null;
- break;
- }
- }
-*/
-
+ /*
+ for (int i = 0; ((template != null) && (i < template.length())); i++) {
+ char c = template.charAt(i);
+ if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
+ template = null;
+ break;
+ }
+ }
+ */
if (template != null) {
formFile = template + ".template";
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("*** formFile = "+formFile);
+ CMS.debug("*** formFile = " + formFile);
try {
form = getTemplate(formFile, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
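Review bot: The request parameter `template` still goes into `formFile = template + ".template"` and on to `getTemplate(formFile, req, locale)` with no validation, because the character allow-list loop stays commented out and is only re-indented here. Unless `getTemplate` confines the path itself (not visible in this hunk), a value containing path separators or `..` could select a file outside the template directory. I would restore the check, for example `if (template != null && !template.matches("[A-Za-z0-9_-]+")) template = null;`, or add a comment saying where the path is constrained. `CMS.debug("*** formFile = " + formFile)` also writes the raw parameter to the debug log, so the check should run before that line. The enclosing `process` method starts outside the hunk.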
@@ -172,29 +170,29 @@ CMS.debug("*** formFile = "+formFile);
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
if (mCA != null) {
String crlIssuingPoints = "";
String crlNumbers = "";
@@ -209,15 +207,15 @@ CMS.debug("*** formFile = "+formFile);
String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-
+
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
ICRLRepository crlRepository = mCA.getCRLRepository();
Vector ipNames = crlRepository.getIssuingPointsNames();
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
ICRLIssuingPointRecord crlRecord = null;
try {
crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
@@ -236,8 +234,8 @@ CMS.debug("*** formFile = "+formFile);
if (crlSizes.length() > 0)
crlSizes += "+";
- crlSizes += ((crlRecord.getCRLSize() != null)?
- crlRecord.getCRLSize().toString(): "-1");
+ crlSizes += ((crlRecord.getCRLSize() != null) ?
+ crlRecord.getCRLSize().toString() : "-1");
if (deltaSizes.length() > 0)
deltaSizes += "+";
@@ -307,7 +305,7 @@ CMS.debug("*** formFile = "+formFile);
recentChanges += "Publishing CRL #" + ip.getCRLNumber();
} else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
- } else { // ip.CRL_UPDATE_DONE
+ } else { // ip.CRL_UPDATE_DONE
recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
ip.getNumberOfRecentlyExpiredCerts();
@@ -326,7 +324,7 @@ CMS.debug("*** formFile = "+formFile);
if (crlTesting.length() > 0)
crlTesting += "+";
- crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0");
+ crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
index 5507cadf..955f8a86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* performs face-to-face enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class HashEnrollServlet extends CMSServlet {
@@ -100,8 +98,7 @@ public class HashEnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
// http params
public static final String OLD_CERT_TYPE = "csrCertType";
@@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet {
CMSServlet.PROP_SUCCESS_TEMPLATE);
if (mEnrollSuccessTemplate == null)
mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername =
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -162,19 +159,18 @@ public class HashEnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet {
certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
if (certType == null) {
certType = httpParams.getValueAsString(CERT_TYPE, "client");
- } else {;
- }
+ } else {
+ ;
+ }
- processX509(cmsReq);
+ processX509(cmsReq);
}
-
+
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -296,7 +293,7 @@ public class HashEnrollServlet extends CMSServlet {
boolean certAuthEnroll = false;
String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ httpParams.getValueAsString("certauthEnroll", null);
X509CertInfo new_certInfo = null;
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
@@ -307,7 +304,7 @@ public class HashEnrollServlet extends CMSServlet {
String certauthEnrollType = null;
if (certAuthEnroll == true) {
- certauthEnrollType =
+ certauthEnrollType =
httpParams.getValueAsString("certauthEnrollType", null);
if (certauthEnrollType != null) {
if (certauthEnrollType.equals("dual")) {
@@ -318,15 +315,15 @@ public class HashEnrollServlet extends CMSServlet {
CMS.debug("HashEnrollServlet: certauthEnrollType is single");
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
@@ -365,7 +362,7 @@ public class HashEnrollServlet extends CMSServlet {
if (sslClientCert == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();
@@ -373,24 +370,24 @@ public class HashEnrollServlet extends CMSServlet {
try {
certInfo = (X509CertInfo)
((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
//AuthToken authToken = access.getAuthToken();
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr1 = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr1;
String pageID = httpParams.getValueAsString("pageID", null);
@@ -405,14 +402,14 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
} else {
- authMgr =
+ authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
// don't store agent token in request.
// agent currently used for bulk issuance.
// if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO,
+ "Enrollment request was authenticated by " +
+ authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
fillCertInfoFromAuthToken(certInfo, authToken);
// save authtoken attrs to request directly (for policy use)
saveAuthToken(authToken, req);
@@ -421,8 +418,8 @@ public class HashEnrollServlet extends CMSServlet {
}
// fill certInfo from input types: keygen, cmc, pkcs10 or crmf
- KeyGenInfo keyGenInfo =
- httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
+ KeyGenInfo keyGenInfo =
+ httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
String certType = null;
@@ -441,8 +438,8 @@ public class HashEnrollServlet extends CMSServlet {
req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
}
- String crmf =
- httpParams.getValueAsString(CRMF_REQUEST, null);
+ String crmf =
+ httpParams.getValueAsString(CRMF_REQUEST, null);
if (certAuthEnroll == true) {
@@ -452,24 +449,24 @@ public class HashEnrollServlet extends CMSServlet {
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
if (mCa == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ CMS.getLogMessage("CMSGW_NOT_A_CA"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
// signing only cert
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
X509Key key = null;
@@ -478,22 +475,22 @@ public class HashEnrollServlet extends CMSServlet {
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
- ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
- null, 10);
+ "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+ ICertRecordList list =
+ (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
+ null, 10);
int size = list.getSize();
Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
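Review bot: The LDAP search `filter` is built by concatenating `certBasedOldSubjectDN` and `certBasedOldSerialNum` straight into the filter string, and the subject DN comes from the presented SSL client certificate. A DN value containing `(`, `)`, `*` or `\` would change the filter's structure unless `findCertRecordsInList` escapes it, which is not visible here. The values should be escaped per RFC 4515 before they are concatenated, ideally in one small helper reused by every filter built in this servlet. Separately, the two `CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())` calls return exception text to the client; consider keeping that detail in the log only. The surrounding `processX509` body extends beyond the hunk.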
@@ -502,8 +499,8 @@ public class HashEnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
while (en.hasMoreElements()) {
@@ -512,7 +509,7 @@ public class HashEnrollServlet extends CMSServlet {
// if not encryption cert only, try next one
if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
+ ((CMS.isEncryptionCert(cert) == true) &&
(CMS.isSigningCert(cert) == true))) {
continue;
}
@@ -521,27 +518,27 @@ public class HashEnrollServlet extends CMSServlet {
try {
encCertInfo = (X509CertInfo)
cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
try {
encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
fillCertInfoFromAuthToken(encCertInfo, authToken);
@@ -555,24 +552,24 @@ public class HashEnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
// first, make sure the client cert is indeed a
// signing only cert
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
/*
@@ -581,14 +578,14 @@ public class HashEnrollServlet extends CMSServlet {
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug(
- "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
+ "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
// have to be buried here to handle the issuer
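Review bot: `crmf != ""` in `if (crmf != null && crmf != "")` compares object identity, not content, so an empty `crmfRequest` parameter read from the HTTP request will normally pass the test and reach `fillCRMF`. The same condition appears twice in the next hunk (the `CERT_AUTH_SINGLE` branch and the final `else if`). All three should test content, e.g. `if (crmf != null && crmf.length() > 0)`, so that an empty value takes the `CMSGW_MISSING_KEYGEN_INFO` path as intended. The enclosing `processX509` method starts and ends outside these hunks.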
@@ -596,21 +593,21 @@ public class HashEnrollServlet extends CMSServlet {
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
}
} else if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
@@ -648,7 +645,7 @@ public class HashEnrollServlet extends CMSServlet {
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
@@ -668,52 +665,52 @@ public class HashEnrollServlet extends CMSServlet {
wholeMsg.append("\n");
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()},
- ILogger.L_MULTILINE
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " +
+ wholeMsg.toString() },
+ ILogger.L_MULTILINE
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
+ }
+ } else { // other imcomplete status
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.ENROLLMENTFORMAT,
new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
- }
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
}
return;
}
@@ -725,7 +722,7 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -738,26 +735,26 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setErrorDescription(err);
// audit log the error
try {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
}
}
@@ -768,53 +765,53 @@ public class HashEnrollServlet extends CMSServlet {
// service success
cmsReq.setStatus(CMSRequest.SUCCESS);
X509CertImpl[] issuedCerts =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
// audit log the success.
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[0].getSerialNumber().toString(16) }
+ );
// return cert as mime type binary if requested.
if (checkImportCertToNav(
- cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
+ cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
-
+
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate,
+ mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
return;
}
/**
- * fill subject name, validity, extensions from authoken if any,
- * overriding what was in pkcs10.
- * fill subject name, extensions from http input if not authenticated.
- * requests not authenticated will need to be approved by an agent.
+ * fill subject name, validity, extensions from authoken if any,
+ * overriding what was in pkcs10.
+ * fill subject name, extensions from http input if not authenticated.
+ * requests not authenticated will need to be approved by an agent.
*/
protected void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -822,89 +819,89 @@ public class HashEnrollServlet extends CMSServlet {
// subject name.
try {
String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
-
+
// extensions
try {
CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
log(ILogger.LL_INFO, "cert extensions set from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
protected X509CertInfo[] fillCRMF(
- String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
-
+ new ByteArrayInputStream(crmfBlob);
+
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -951,27 +948,27 @@ public class HashEnrollServlet extends CMSServlet {
if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
- certInfo.set(X509CertInfo.VALIDITY, certValidity);
+ certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream =
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ } else if (authToken == null ||
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
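Review bot: The guard `certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null` lets a CRMF template that carries only one bound reach `new CertificateValidity(...)` with null for the other. `fillCertInfoFromAuthToken` in this same file requires both (`notBefore != null && notAfter != null`). How `CertificateValidity` treats a null date is not visible here, but a requester-supplied half-open validity should be rejected or completed explicitly rather than passed through. The simplest alignment is `if (certTemplate.getNotBefore() != null && certTemplate.getNotAfter() != null) {`. The enclosing `fillCRMF` loop starts and ends outside this hunk.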
@@ -979,7 +976,7 @@ public class HashEnrollServlet extends CMSServlet {
try {
extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
@@ -989,40 +986,40 @@ public class HashEnrollServlet extends CMSServlet {
// put each extension from CRMF into CertInfo.
// index by extension name, consistent with
// CertificateExtensions.parseExtension() method.
- if (extensions == null)
+ if (extensions == null)
extensions = new CertificateExtensions();
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext =
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid =
+ new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+ jssext.getExtnValue();
+ ByteArrayOutputStream jssvalueout =
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext =
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
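Review bot: The narrowing cast `oidNumbers[k] = (int) numbers[k];` silently truncates any OID arc above `Integer.MAX_VALUE`, so an extension OID taken from the requester's CRMF blob can be stored in the certificate info as a different OID than the one that was sent. The arc should be range-checked before the cast, for example `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));`. A short comment above the loop stating that the extensions and their criticality flags are copied as supplied, and where they are constrained afterwards, would also help; that constraint is not visible in this hunk. The loop sits inside `fillCRMF`, whose body starts and ends outside the hunk.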
@@ -1034,8 +1031,8 @@ public class HashEnrollServlet extends CMSServlet {
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ if (authToken != null &&
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -1048,27 +1045,27 @@ public class HashEnrollServlet extends CMSServlet {
return certInfoArray;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
@@ -1107,19 +1104,19 @@ public class HashEnrollServlet extends CMSServlet {
out.println("<P>");
out.println("<PRE>");
X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
+ CMS.getEncodedCert(certs[0]) + ">");
} else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
@@ -1136,11 +1133,11 @@ public class HashEnrollServlet extends CMSServlet {
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
@@ -1155,21 +1152,21 @@ public class HashEnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" +
+ cmsReq.getError() + ">");
}
/**
- // include all the input data
- IArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data
+ * IArgBlock args = cmsReq.getHttpParams();
+ * Enumeration ele = args.getElements();
+ * while (ele.hasMoreElements()) {
+ * String eleT = (String)ele.nextElement();
+ * out.println("<!HTTP_INPUT " + eleT + "=" +
+ * args.get(eleT) + ">");
+ * }
**/
out.println("</HTML>");
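Review bot: `cmsReq.getError()` is written into the HTML response twice in the error branch without any HTML encoding: once as body text and once inside the `<!HTTP_OUTPUT ERROR=...>` marker. If the error text can carry request-derived content (not visible in this hunk), a `<` or `>` in it becomes markup or ends the marker early for clients that parse it, so the value should be HTML-encoded before both `println` calls. The reflowed comment block that would echo every HTTP input parameter is dead code now formatted as Javadoc; deleting it is safer than keeping it around to be re-enabled. The enclosing method starts and ends outside this hunk.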
@@ -1184,32 +1181,32 @@ public class HashEnrollServlet extends CMSServlet {
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config)
+ throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
private void do_testbed_hack(
- int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
- throws EBaseException {
- if (!mIsTestBed)
+ int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
+ throws EBaseException {
+ if (!mIsTestBed)
return;
- // get around bug in cartman - bits are off by one byte.
+ // get around bug in cartman - bits are off by one byte.
for (int i = 0; i < certinfo.length; i++) {
try {
X509CertInfo cert = certinfo[i];
CertificateExtensions exts = (CertificateExtensions)
- cert.get(CertificateExtensions.NAME);
+ cert.get(CertificateExtensions.NAME);
if (exts == null) {
// should not happen.
continue;
}
KeyUsageExtension ext = (KeyUsageExtension)
- exts.get(KeyUsageExtension.class.getSimpleName());
+ exts.get(KeyUsageExtension.class.getSimpleName());
- if (ext == null)
+ if (ext == null)
// should not happen
continue;
byte[] value = ext.getExtensionValue();
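Review bot: `init_testbed_hack` reads `isTestBed` with a default of `true`, so the workaround in `do_testbed_hack` is active on every instance whose configuration does not explicitly turn it off. That workaround replaces the KeyUsage extension of certificates about to be issued, as the following hunk shows. A test-bed compatibility shim that alters issued certificate content should be opt-in: `mIsTestBed = config.getBoolean("isTestBed", false);`. Deployments that rely on the current behaviour would then need to set the flag explicitly. The two `continue` paths marked "should not happen" would also benefit from a log line so a missing extension is noticed. `do_testbed_hack` continues outside this hunk.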
@@ -1235,9 +1232,9 @@ public class HashEnrollServlet extends CMSServlet {
}
}
newvalue[4] = 0;
- KeyUsageExtension newext =
- new KeyUsageExtension(Boolean.valueOf(true),
- (Object) newvalue);
+ KeyUsageExtension newext =
+ new KeyUsageExtension(Boolean.valueOf(true),
+ (Object) newvalue);
exts.delete(KeyUsageExtension.class.getSimpleName());
exts.set(KeyUsageExtension.class.getSimpleName(), newext);
@@ -1253,4 +1250,3 @@ public class HashEnrollServlet extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..5e4f7a42 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
@@ -58,25 +57,26 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Set up HTTP response to import certificate into browsers
*
* The result must have been populate with the set of certificates
* to return.
+ *
* <pre>
* inputs: certtype.
* outputs:
- * - cert type from http input (if any)
+ * - cert type from http input (if any)
* - CA chain
- * - authority name (RM, CM, DRM)
+ * - authority name (RM, CM, DRM)
* - scheme:host:port of server.
- * array of one or more
+ * array of one or more
* - cert serial number
* - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
* </pre>
+ *
* @version $Revision$, $Date$
*/
public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
public static final String CERT_NICKNAME = "certNickname";
public static final String CMMF_RESP = "cmmfResponse";
- public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
+ public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
public ImportCertsTemplateFiller() {
}
@@ -100,19 +100,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
Certificate[] certs = (Certificate[]) cmsReq.getResult();
if (certs instanceof X509CertImpl[])
- return getX509TemplateParams(cmsReq, authority, locale, e);
+ return getX509TemplateParams(cmsReq, authority, locale, e);
else
return null;
}
-
+
public CMSTemplateParams getX509TemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, fixed);
@@ -123,9 +123,9 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
int port = httpReq.getServerPort();
String scheme = httpReq.getScheme();
String format = httpReq.getParameter("format");
- if(format!=null && format.equals("cmc"))
+ if (format != null && format.equals("cmc"))
fixed.set("importCMC", "false");
- String agentPort = ""+port;
+ String agentPort = "" + port;
fixed.set("agentHost", host);
fixed.set("agentPort", agentPort);
fixed.set(ICMSTemplateFiller.HOST, host);
@@ -148,33 +148,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
// set cert type.
IArgBlock httpParams = cmsReq.getHttpParams();
- String certType =
- httpParams.getValueAsString(CERT_TYPE, null);
+ String certType =
+ httpParams.getValueAsString(CERT_TYPE, null);
- if (certType != null)
+ if (certType != null)
fixed.set(CERT_TYPE, certType);
- // this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ // this authority
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// CA chain.
- CertificateChain cachain =
- ((ICertAuthority) authority).getCACertChain();
+ CertificateChain cachain =
+ ((ICertAuthority) authority).getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
String replyTo = httpParams.getValueAsString("replyTo", null);
- if (replyTo != null) fixed.set("replyTo", replyTo);
+ if (replyTo != null)
+ fixed.set("replyTo", replyTo);
- // set user + CA cert chain and pkcs7 for MSIE.
+ // set user + CA cert chain and pkcs7 for MSIE.
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
int m = 1, n = 0;
- for (; n < cacerts.length; m++, n++)
+ for (; n < cacerts.length; m++, n++)
userChain[m] = (X509CertImpl) cacerts[n];
- // certs.
+ // certs.
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
// expose CRMF request id
@@ -196,23 +197,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
if (CMSServlet.doCMMFResponse(httpParams)) {
byte[][] caPubs = new byte[cacerts.length][];
- for (int j = 0; j < cacerts.length; j++)
+ for (int j = 0; j < cacerts.length; j++)
caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
certRepContent = new CertRepContent(caPubs);
- String certnickname =
- cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+ String certnickname =
+ cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
// if nickname is not requested set to subject name by default.
- if (certnickname == null)
+ if (certnickname == null)
fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
else
fixed.set(CERT_NICKNAME, certnickname);
}
// make pkcs7 for MSIE
- if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
- (certType == null || certType.equals("client"))) {
+ if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
+ (certType == null || certType.equals("client"))) {
userChain[0] = certs[0];
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
@@ -234,8 +235,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
X509CertImpl cert = certs[i];
// set serial number.
- BigInteger serialNo =
- ((X509Certificate) cert).getSerialNumber();
+ BigInteger serialNo =
+ ((X509Certificate) cert).getSerialNumber();
repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
@@ -244,14 +245,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
// String b64 = encoder.encodeBuffer(certEncoded);
String b64 = CMS.BtoA(certEncoded);
String b64cert = "-----BEGIN CERTIFICATE-----\n" +
- b64 + "\n-----END CERTIFICATE-----";
+ b64 + "\n-----END CERTIFICATE-----";
repeat.set(BASE64_CERT, b64cert);
-
+
// set cert pretty print.
-
+
String prettyPrintRequested =
- cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+ cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
if (prettyPrintRequested == null) {
prettyPrintRequested = "true";
@@ -266,7 +267,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
repeat.set(CERT_PRETTYPRINT, ppStr);
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
if (cert.equals(cacerts[j])) {
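Review bot: The formatter turned the doubled semicolon after the `certsInChain` declaration into an empty statement on its own line, which reads like a leftover and will trip lint checks. Drop it so the declaration is just `X509CertImpl[] certsInChain = new X509CertImpl[1];`. The surrounding loop over `certs` starts and ends outside this hunk.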
@@ -277,10 +279,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
certsInChain = new X509CertImpl[cacerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
@@ -292,7 +294,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
certsInChain,
new SignerInfo[0]);
@@ -308,7 +310,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
//p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
//+ "; Please contact your administrator";
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
// set cert fingerprint (for Cisco routers)
@@ -325,18 +327,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
throw new EBaseException(
CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
}
- if (fingerprint != null && fingerprint.length() > 0)
+ if (fingerprint != null && fingerprint.length() > 0)
repeat.set(CERT_FINGERPRINT, fingerprint);
- // cmmf response for this cert.
+ // cmmf response for this cert.
if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
- (certType == null || certType.equals("client"))) {
+ (certType == null || certType.equals("client"))) {
PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(certEncoded));
- CertResponse resp =
- new CertResponse(new INTEGER(crmfReqId), status,
- certifiedKP);
+ CertifiedKeyPair certifiedKP =
+ new CertifiedKeyPair(new CertOrEncCert(certEncoded));
+ CertResponse resp =
+ new CertResponse(new INTEGER(crmfReqId), status,
+ certifiedKP);
certRepContent.addCertResponse(resp);
}
@@ -352,8 +354,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
byte[] certRepBytes = certRepOut.toByteArray();
String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
// add CR to each return as required by cartman
- BufferedReader certRepB64lines =
- new BufferedReader(new StringReader(certRepB64));
+ BufferedReader certRepB64lines =
+ new BufferedReader(new StringReader(certRepB64));
StringWriter certRepStringOut = new StringWriter();
String oneLine = null;
boolean first = true;
@@ -376,4 +378,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index a65be25a..492e0cde 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve a paged list of certs matching the specified query
- *
+ *
* @version $Revision$, $Date$
*/
public class ListCerts extends CMSServlet {
@@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet {
private ICertificateRepository mCertDB = null;
private X500Name mAuthName = null;
private String mFormPath = null;
- private boolean mReverse = false;
- private boolean mHardJumpTo = false; //jump to the end
+ private boolean mReverse = false;
+ private boolean mHardJumpTo = false; //jump to the end
private String mDirection = null;
private boolean mUseClientFilter = false;
private Vector<String> mAllowedClientFilters = new Vector<String>();
@@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryCert.template" to render the response
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -125,23 +123,23 @@ public class ListCerts extends CMSServlet {
the client applications that submits raw LDAP
filter into this servlet. */
if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
- sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true;
+ sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {
+ mUseClientFilter = true;
}
if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
- mAllowedClientFilters.addElement("(certStatus=*)");
- mAllowedClientFilters.addElement("(certStatus=VALID)");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
+ mAllowedClientFilters.addElement("(certStatus=*)");
+ mAllowedClientFilters.addElement("(certStatus=VALID)");
+ mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
+ mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
} else {
StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
while (st.hasMoreTokens()) {
- mAllowedClientFilters.addElement(st.nextToken());
+ mAllowedClientFilters.addElement(st.nextToken());
}
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
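Review bot: `buildFilter` writes the raw `queryCertFilter` request parameter into the debug log, here and again in the comparison loop of the next hunk (`"Comparing filter=" ... queryCertFilter`), before the allow-list check has accepted it. A value containing CR or LF can forge extra log lines, so a neutralised copy should be logged instead, e.g. `String logFilter = queryCertFilter == null ? null : queryCertFilter.replaceAll("[\\r\\n]", "_");`. Logging it once, rather than once per allowed filter, also limits how much one request can write. `buildFilter` continues outside this hunk.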
@@ -151,7 +149,7 @@ public class ListCerts extends CMSServlet {
Enumeration<String> filters = mAllowedClientFilters.elements();
// check to see if the filter is allowed
while (filters.hasMoreElements()) {
- String filter = (String)filters.nextElement();
+ String filter = (String) filters.nextElement();
com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter);
if (filter.equals(queryCertFilter)) {
return queryCertFilter;
@@ -166,34 +164,33 @@ public class ListCerts extends CMSServlet {
boolean skipRevoked = false;
boolean skipNonValid = false;
if (req.getParameter("skipRevoked") != null &&
- req.getParameter("skipRevoked").equals("on")) {
+ req.getParameter("skipRevoked").equals("on")) {
skipRevoked = true;
}
if (req.getParameter("skipNonValid") != null &&
- req.getParameter("skipNonValid").equals("on")) {
+ req.getParameter("skipNonValid").equals("on")) {
skipNonValid = true;
}
if (!skipRevoked && !skipNonValid) {
- queryCertFilter = "(certStatus=*)";
- } else if (skipRevoked && skipNonValid) {
- queryCertFilter = "(certStatus=VALID)";
- } else if (skipRevoked) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
- } else if (skipNonValid) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ queryCertFilter = "(certStatus=*)";
+ } else if (skipRevoked && skipNonValid) {
+ queryCertFilter = "(certStatus=VALID)";
+ } else if (skipRevoked) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (skipNonValid) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
}
return queryCertFilter;
}
/**
- * Process the HTTP request.
- * <ul>
- * <li>http.param maxCount Number of certificates to show
- * <li>http.param queryFilter and ldap style filter specifying the
- * certificates to show
- * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
- * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param maxCount Number of certificates to show
+ * <li>http.param queryFilter and ldap style filter specifying the certificates to show
+ * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
+ * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
*/
@@ -232,24 +229,24 @@ public class ListCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- mHardJumpTo = false;
+ mHardJumpTo = false;
try {
- if (req.getParameter("direction") != null) {
- mDirection = req.getParameter("direction").trim();
- mReverse = mDirection.equals("up");
- if (mReverse)
- com.netscape.certsrv.apps.CMS.debug("reverse is true");
- else
- com.netscape.certsrv.apps.CMS.debug("reverse is false");
+ if (req.getParameter("direction") != null) {
+ mDirection = req.getParameter("direction").trim();
+ mReverse = mDirection.equals("up");
+ if (mReverse)
+ com.netscape.certsrv.apps.CMS.debug("reverse is true");
+ else
+ com.netscape.certsrv.apps.CMS.debug("reverse is false");
- }
+ }
if (req.getParameter("maxCount") != null) {
maxCount = Integer.parseInt(req.getParameter("maxCount"));
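Review bot: Per-request paging state is kept in the servlet's instance fields `mHardJumpTo`, `mDirection` and `mReverse`, which are written here and in the next hunk. A servlet container normally serves concurrent requests from one servlet instance, so two requests can overwrite each other's direction. `mDirection` and `mReverse` are also only assigned when the `direction` parameter is present, so a request without it inherits the previous request's values. On a fresh instance, `mDirection.equals("end")` in the next hunk then dereferences null. These should be locals, as sketched below, with the sentinel selection in the next hunk switched to them. Any later reads of the fields are outside this hunk and would need the values passed in.

```java
// … unchanged: template lookup and its error handling …
boolean hardJumpTo = false;
String direction = req.getParameter("direction");
direction = (direction == null) ? "" : direction.trim();
boolean reverse = direction.equals("up");
// … unchanged: reverse debug output, maxCount parsing …
```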
@@ -259,19 +256,19 @@ public class ListCerts extends CMSServlet {
maxCount = mMaxReturns;
}
- String sentinelStr = "";
- if (mReverse) {
- sentinelStr = req.getParameter("querySentinelUp");
- } else if (mDirection.equals("end")) {
- // this servlet will figure out the end
- sentinelStr = "0";
- mReverse = true;
- mHardJumpTo = true;
- } else if (mDirection.equals("down")) {
- sentinelStr = req.getParameter("querySentinelDown");
- } else
- sentinelStr = "0";
- //begin and non-specified have sentinel default "0"
+ String sentinelStr = "";
+ if (mReverse) {
+ sentinelStr = req.getParameter("querySentinelUp");
+ } else if (mDirection.equals("end")) {
+ // this servlet will figure out the end
+ sentinelStr = "0";
+ mReverse = true;
+ mHardJumpTo = true;
+ } else if (mDirection.equals("down")) {
+ sentinelStr = req.getParameter("querySentinelDown");
+ } else
+ sentinelStr = "0";
+ //begin and non-specified have sentinel default "0"
if (sentinelStr != null) {
if (sentinelStr.trim().startsWith("0x")) {
@@ -288,7 +285,7 @@ public class ListCerts extends CMSServlet {
//if (isCertFromCA(caCert))
header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ caCert.getSerialNumber().toString(16));
}
// constructs the ldap filter on the server side
@@ -298,7 +295,7 @@ public class ListCerts extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
int totalRecordCount = -1;
@@ -307,16 +304,16 @@ public class ListCerts extends CMSServlet {
totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
} catch (Exception e) {
}
- processCertFilter(argSet, header, maxCount,
- sentinel,
- totalRecordCount,
- req.getParameter("serialTo"),
- queryCertFilter,
- req, resp, revokeAll, locale[0]);
+ processCertFilter(argSet, header, maxCount,
+ sentinel,
+ totalRecordCount,
+ req.getParameter("serialTo"),
+ queryCertFilter,
+ req, resp, revokeAll, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-
- error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+
+ error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -329,36 +326,36 @@ public class ListCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void processCertFilter(CMSTemplateParams argSet,
- IArgBlock header,
- int maxCount,
- BigInteger sentinel,
- int totalRecordCount,
- String serialTo,
- String filter,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- Locale locale
- ) throws EBaseException {
+ private void processCertFilter(CMSTemplateParams argSet,
+ IArgBlock header,
+ int maxCount,
+ BigInteger sentinel,
+ int totalRecordCount,
+ String serialTo,
+ String filter,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll,
+ Locale locale
+ ) throws EBaseException {
BigInteger serialToVal = MINUS_ONE;
try {
@@ -376,21 +373,21 @@ public class ListCerts extends CMSServlet {
}
String jumpTo = sentinel.toString();
- int pSize = 0;
- if (mReverse) {
- if (!mHardJumpTo) //reverse gets one more
- pSize = -1*maxCount-1;
- else
- pSize = -1*maxCount;
- } else
- pSize = maxCount;
+ int pSize = 0;
+ if (mReverse) {
+ if (!mHardJumpTo) //reverse gets one more
+ pSize = -1 * maxCount - 1;
+ else
+ pSize = -1 * maxCount;
+ } else
+ pSize = maxCount;
ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
- pSize);
+ filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
+ pSize);
// retrive maxCount + 1 entries
- Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
+ Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
ICertRecordList tolist = null;
int toCurIndex = 0;
@@ -399,8 +396,8 @@ public class ListCerts extends CMSServlet {
// if user specify a range, we need to
// calculate the totalRecordCount
tolist = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter,
- (String[]) null, serialTo,
+ filter,
+ (String[]) null, serialTo,
"serialno", maxCount);
Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0);
@@ -420,82 +417,82 @@ public class ListCerts extends CMSServlet {
}
}
}
-
+
int curIndex = list.getCurrentIndex();
int count = 0;
- BigInteger firstSerial = new BigInteger("0");
- BigInteger curSerial = new BigInteger("0");
- ICertRecord[] recs = new ICertRecord[maxCount];
- int rcount = 0;
+ BigInteger firstSerial = new BigInteger("0");
+ BigInteger curSerial = new BigInteger("0");
+ ICertRecord[] recs = new ICertRecord[maxCount];
+ int rcount = 0;
if (e != null) {
- /* in reverse (page up), because the sentinel is the one after the
- * last item to be displayed, we need to skip it
- */
- while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) {
+ /* in reverse (page up), because the sentinel is the one after the
+ * last item to be displayed, we need to skip it
+ */
+ while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) {
ICertRecord rec = (ICertRecord) e.nextElement();
if (rec == null) {
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is null");
+ com.netscape.certsrv.apps.CMS.debug("record " + count + " is null");
break;
- }
+ }
curSerial = rec.getSerialNumber();
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial);
-
- if (count == 0) {
- firstSerial = curSerial;
- if (mReverse && !mHardJumpTo) {//reverse got one more, skip
- count++;
- continue;
- }
- }
-
- // DS has a problem where last record will be returned
- // even though the filter is not matched.
- /*cfu - is this necessary? it breaks when paging up
- if (curSerial.compareTo(sentinel) == -1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
- break;
- }
- */
+ com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial);
+
+ if (count == 0) {
+ firstSerial = curSerial;
+ if (mReverse && !mHardJumpTo) {//reverse got one more, skip
+ count++;
+ continue;
+ }
+ }
+
+ // DS has a problem where last record will be returned
+ // even though the filter is not matched.
+ /*cfu - is this necessary? it breaks when paging up
+ if (curSerial.compareTo(sentinel) == -1) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
+
+ break;
+ }
+ */
if (!serialToVal.equals(MINUS_ONE)) {
// check if we go over the limit
if (curSerial.compareTo(serialToVal) == 1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
+ com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
break;
- }
+ }
}
- if (mReverse) {
- recs[rcount++] = rec;
- } else {
+ if (mReverse) {
+ recs[rcount++] = rec;
+ } else {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
- fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- }
+ fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ }
count++;
}
} else {
com.netscape.certsrv.apps.CMS.debug(
- "ListCerts::processCertFilter() - no Cert Records found!" );
+ "ListCerts::processCertFilter() - no Cert Records found!");
return;
}
- if (mReverse) {
- // fill records into arg block and argSet
- for (int ii = rcount-1; ii>= 0; ii--) {
- if (recs[ii] != null) {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
- //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
- fillRecordIntoArg(recs[ii], rarg);
- argSet.addRepeatRecord(rarg);
- }
- }
- }
+ if (mReverse) {
+ // fill records into arg block and argSet
+ for (int ii = rcount - 1; ii >= 0; ii--) {
+ if (recs[ii] != null) {
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+ //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
+ fillRecordIntoArg(recs[ii], rarg);
+ argSet.addRepeatRecord(rarg);
+ }
+ }
+ }
// peek ahead
ICertRecord nextRec = null;
@@ -519,58 +516,58 @@ public class ListCerts extends CMSServlet {
if (totalRecordCount == -1) {
if (!serialToVal.equals(MINUS_ONE)) {
totalRecordCount = toCurIndex - curIndex + 1;
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
} else {
- totalRecordCount = list.getSize() -
+ totalRecordCount = list.getSize() -
list.getCurrentIndex();
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
}
}
header.addIntegerValue("totalRecordCount", totalRecordCount);
- header.addIntegerValue("currentRecordCount", list.getSize() -
- list.getCurrentIndex());
-
- String qs = "";
- if (mReverse)
- qs = "querySentinelUp";
- else
- qs = "querySentinelDown";
-
- if (mHardJumpTo) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- } else {
- if (nextRec == null) {
- header.addStringValue(qs, null);
- com.netscape.certsrv.apps.CMS.debug("nextRec is null");
- if (mReverse) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- }
+ header.addIntegerValue("currentRecordCount", list.getSize() -
+ list.getCurrentIndex());
+
+ String qs = "";
+ if (mReverse)
+ qs = "querySentinelUp";
+ else
+ qs = "querySentinelDown";
+
+ if (mHardJumpTo) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
+
+ header.addStringValue("querySentinelUp", curSerial.toString());
} else {
- BigInteger nextRecNo = nextRec.getSerialNumber();
+ if (nextRec == null) {
+ header.addStringValue(qs, null);
+ com.netscape.certsrv.apps.CMS.debug("nextRec is null");
+ if (mReverse) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
- if (serialToVal.equals(MINUS_ONE)) {
- header.addStringValue(
- qs, nextRecNo.toString());
+ header.addStringValue("querySentinelUp", curSerial.toString());
+ }
} else {
- if (nextRecNo.compareTo(serialToVal) <= 0) {
+ BigInteger nextRecNo = nextRec.getSerialNumber();
+
+ if (serialToVal.equals(MINUS_ONE)) {
header.addStringValue(
- qs, nextRecNo.toString());
+ qs, nextRecNo.toString());
} else {
- header.addStringValue(qs,
- null);
+ if (nextRecNo.compareTo(serialToVal) <= 0) {
+ header.addStringValue(
+ qs, nextRecNo.toString());
+ } else {
+ header.addStringValue(qs,
+ null);
+ }
}
+ com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString());
}
- com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString());
- }
- } // !mHardJumpto
+ } // !mHardJumpto
- header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown",
- firstSerial.toString());
+ header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown",
+ firstSerial.toString());
}
@@ -578,7 +575,7 @@ public class ListCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -586,9 +583,9 @@ public class ListCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
@@ -631,12 +628,13 @@ public class ListCerts extends CMSServlet {
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
@@ -665,4 +663,3 @@ public class ListCerts extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
index db77d039..b248d2bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Provide statistical queries of request and certificate records.
- *
+ *
* @version $Revision$, $Date$
*/
public class Monitor extends CMSServlet {
@@ -83,8 +81,8 @@ public class Monitor extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
- * 'monitor.template' to render the response.
- *
+ * 'monitor.template' to render the response.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param startTime start of time period to query
- * <li>http.param endTime end of time period to query
- * <li>http.param interval time between queries
+ * <li>http.param endTime end of time period to query
+ * <li>http.param interval time between queries
* <li>http.param numberOfIntervals number of queries to run
* <li>http.param maxResults =number
* <li>http.param timeLimit =time
@@ -130,10 +128,10 @@ public class Monitor extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -158,8 +156,8 @@ public class Monitor extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
@@ -172,7 +170,7 @@ public class Monitor extends CMSServlet {
process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
error = e;
}
@@ -182,29 +180,29 @@ public class Monitor extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String startTime, String endTime,
- String interval, String numberOfIntervals,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String startTime, String endTime,
+ String interval, String numberOfIntervals,
+ Locale locale)
+ throws EBaseException {
if (interval == null || interval.length() == 0) {
header.addStringValue("error", "Invalid interval: " + interval);
return;
@@ -270,7 +268,7 @@ public class Monitor extends CMSServlet {
return;
}
-
+
Date nextDate(Date d, int seconds) {
Date date = new Date((d.getTime()) + ((long) (seconds * 1000)));
@@ -326,12 +324,12 @@ public class Monitor extends CMSServlet {
mTotalReqs += count;
}
} catch (Exception ex) {
- return "Exception: " + ex;
+ return "Exception: " + ex;
}
return null;
} else {
- return "Missing start or end date";
+ return "Missing start or end date";
}
}
@@ -348,12 +346,12 @@ public class Monitor extends CMSServlet {
int hour = Integer.parseInt(z.substring(8, 10));
int minute = Integer.parseInt(z.substring(10, 12));
int second = Integer.parseInt(z.substring(12, 14));
- Calendar calendar= Calendar.getInstance();
+ Calendar calendar = Calendar.getInstance();
calendar.set(year, month, date, hour, minute, second);
d = calendar.getTime();
} catch (NumberFormatException nfe) {
}
- } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
+ } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
try {
int i = Integer.parseInt(z);
@@ -370,23 +368,27 @@ public class Monitor extends CMSServlet {
Calendar calendar = Calendar.getInstance();
calendar.setTime(d);
-
String time = "" + (calendar.get(Calendar.YEAR));
int i = calendar.get(Calendar.MONTH) + 1;
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
- i = calendar.get(Calendar.DAY_OF_MONTH);
- if (i < 10) time += "0";
+ i = calendar.get(Calendar.DAY_OF_MONTH);
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.HOUR_OF_DAY);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.MINUTE);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.SECOND);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i + "Z";
return time;
}
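Review bot: The string built here ends in `Z`, which marks UTC in generalized-time values, but its fields are read from `Calendar.getInstance()`, which uses the JVM's default time zone. On a server that does not run in UTC the value would be off by the zone offset, assuming the consumer of this string (not visible here) honours the suffix. Consider `Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));`, with the matching change in the parser shown in the previous hunk so the two stay symmetric. The five `if (i < 10)` statements that are now split over two lines would also be safer with braces. The method starts outside this hunk.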
@@ -403,4 +405,3 @@ public class Monitor extends CMSServlet {
return filter;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 50296cf1..87882059 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Specify the RevocationReason when revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class ReasonToRevoke extends CMSServlet {
@@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses the template file
- * 'reasonToRevoke.template' to render the response
- *
+ * initialize the servlet. This servlet uses the template file
+ * 'reasonToRevoke.template' to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -163,20 +161,20 @@ public class ReasonToRevoke extends CMSServlet {
try {
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount =
+ totalRecordCount =
Integer.parseInt(req.getParameter("totalRecordCount"));
}
revokeAll = req.getParameter("revokeAll");
- process(argSet, header, req, resp,
- revokeAll, totalRecordCount, locale[0]);
+ process(argSet, header, req, resp,
+ revokeAll, totalRecordCount, locale[0]);
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ }
/*
catch (Exception e) {
@@ -196,30 +194,30 @@ public class ReasonToRevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll, int totalRecordCount,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll, int totalRecordCount,
+ Locale locale)
+ throws EBaseException {
header.addStringValue("revokeAll", revokeAll);
header.addIntegerValue("totalRecordCount", totalRecordCount);
@@ -238,14 +236,14 @@ public class ReasonToRevoke extends CMSServlet {
if (isCertFromCA(caCert)) {
header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ caCert.getSerialNumber().toString(16));
}
}
/**
- ICertRecordList list = mCertDB.findCertRecordsInList(
- revokeAll, null, totalRecordCount);
- Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
+ * ICertRecordList list = mCertDB.findCertRecordsInList(
+ * revokeAll, null, totalRecordCount);
+ * Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
**/
Enumeration e = mCertDB.searchCertificates(revokeAll,
totalRecordCount, mTimeLimits);
@@ -265,16 +263,16 @@ public class ReasonToRevoke extends CMSServlet {
count++;
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal",
- xcert.getSerialNumber().toString());
- rarg.addStringValue("subject",
- xcert.getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- xcert.getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- xcert.getNotAfter().getTime() / 1000);
+ rarg.addStringValue("serialNumber",
+ xcert.getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumberDecimal",
+ xcert.getSerialNumber().toString());
+ rarg.addStringValue("subject",
+ xcert.getSubjectDN().toString());
+ rarg.addLongValue("validNotBefore",
+ xcert.getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotAfter",
+ xcert.getNotAfter().getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
}
@@ -288,4 +286,3 @@ public class ReasonToRevoke extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
index 9c414b9c..5a0a1266 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Allow agent to turn on/off authentication managers
*
@@ -89,7 +87,7 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Initializes the servlet.
- *
+ *
* Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
* enables remote configuration for authentication plugins.
* List of remotely set instances can be found in CMS.cfg
@@ -133,16 +131,16 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Serves HTTPS request. The format of this request is as follows:
- * https://host:ee-port/remoteAuthConfig?
- * op="add"|"delete"&
- * instance=<instanceName>&
- * of=<authPluginName>&
- * host=<hostName>&
- * port=<portNumber>&
- * password=<password>&
- * [adminDN=<adminDN>]&
- * [uid=<uid>]&
- * [baseDN=<baseDN>]
+ * https://host:ee-port/remoteAuthConfig?
+ * op="add"|"delete"&
+ * instance=<instanceName>&
+ * of=<authPluginName>&
+ * host=<hostName>&
+ * port=<portNumber>&
+ * password=<password>&
+ * [adminDN=<adminDN>]&
+ * [uid=<uid>]&
+ * [baseDN=<baseDN>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
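Review bot: The request format documented in this Javadoc puts `password=<password>` in the URL query string, where it is typically recorded in web-server and proxy access logs even when the transport is HTTPS. The comment should state that the parameters, at least `password`, are expected in a POST body, for example by adding ` * Send the parameters in a POST body; a password in the query string ends up in access logs.` Whether the servlet currently accepts GET for this operation is not visible here, because `process` continues outside this hunk.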
@@ -201,7 +199,7 @@ public class RemoteAuthConfig extends CMSServlet {
}
} else {
header.addStringValue("error", "Unknown instance " +
- instance + ".");
+ instance + ".");
}
} else {
header.addStringValue("error", "Unknown plugin name: " + plugin);
@@ -217,7 +215,7 @@ public class RemoteAuthConfig extends CMSServlet {
}
if (isInstanceListed(instance)) {
header.addStringValue("error", "Instance name " +
- instance + " is already in use.");
+ instance + " is already in use.");
} else {
errMsg = addInstance(instance, plugin,
host, port, baseDN,
@@ -253,7 +251,7 @@ public class RemoteAuthConfig extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -263,15 +261,15 @@ public class RemoteAuthConfig extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private String authenticateRemoteAdmin(String host, String port,
- String adminDN, String password) {
+ String adminDN, String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -362,8 +360,8 @@ public class RemoteAuthConfig extends CMSServlet {
}
private String authenticateRemoteAdmin(String host, String port,
- String uid, String baseDN,
- String password) {
+ String uid, String baseDN,
+ String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -473,8 +471,8 @@ public class RemoteAuthConfig extends CMSServlet {
}
private String addInstance(String instance, String plugin,
- String host, String port,
- String baseDN, String dnPattern) {
+ String host, String port,
+ String baseDN, String dnPattern) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -516,7 +514,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -542,7 +541,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -602,17 +602,21 @@ public class RemoteAuthConfig extends CMSServlet {
int y = now.get(Calendar.YEAR);
String name = "R" + y;
- if (now.get(Calendar.MONTH) < 10) name += "0";
+ if (now.get(Calendar.MONTH) < 10)
+ name += "0";
name += now.get(Calendar.MONTH);
- if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0";
+ if (now.get(Calendar.DAY_OF_MONTH) < 10)
+ name += "0";
name += now.get(Calendar.DAY_OF_MONTH);
- if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0";
+ if (now.get(Calendar.HOUR_OF_DAY) < 10)
+ name += "0";
name += now.get(Calendar.HOUR_OF_DAY);
- if (now.get(Calendar.MINUTE) < 10) name += "0";
+ if (now.get(Calendar.MINUTE) < 10)
+ name += "0";
name += now.get(Calendar.MINUTE);
- if (now.get(Calendar.SECOND) < 10) name += "0";
+ if (now.get(Calendar.SECOND) < 10)
+ name += "0";
name += now.get(Calendar.SECOND);
return name;
}
}
-
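Review bot: `Calendar.MONTH` is zero-based, so the name built here encodes months as `00` to `11`, unlike the timestamp code in Monitor.java, which adds 1 before formatting. If the name only has to be unique this is harmless, but it misleads anyone reading it as a date when tracing when an instance was added; `int month = now.get(Calendar.MONTH) + 1;` used for both the padding test and the append would fix it. The braceless `if` statements that are now split over two lines would be clearer with braces. The method begins outside this hunk.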
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
index 050dd36d..2bc1d305 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
/**
* Certificate Renewal
- *
+ *
* @version $Revision$, $Date$
*/
public class RenewalServlet extends CMSServlet {
@@ -69,8 +68,7 @@ public class RenewalServlet extends CMSServlet {
private static final long serialVersionUID = -3094124661102395244L;
// renewal templates.
- public static final String
- RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
+ public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
// http params
public static final String CERT_TYPE = "certType";
@@ -81,8 +79,7 @@ public class RenewalServlet extends CMSServlet {
public static final String IMPORT_CERT = "importCert";
private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- private ICMSTemplateFiller
- mRenewalSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
public RenewalServlet() {
super();
@@ -92,6 +89,7 @@ public class RenewalServlet extends CMSServlet {
* initialize the servlet. This servlet makes use of the
* template file "RenewalSuccess.template" to render the
* response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,32 +101,31 @@ public class RenewalServlet extends CMSServlet {
PROP_SUCCESS_TEMPLATE);
if (mRenewalSuccessTemplate == null)
mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername =
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mRenewalSuccessFiller = filler;
}
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -139,7 +136,7 @@ public class RenewalServlet extends CMSServlet {
// - old certs from auth manager
// - coming from agent or trusted RA:
// - serial no of cert to be renewed.
-
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
X509CertImpl renewed_cert = null;
@@ -156,10 +153,10 @@ public class RenewalServlet extends CMSServlet {
mAuthzResourceName, "renew");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -190,7 +187,7 @@ public class RenewalServlet extends CMSServlet {
int endDate = httpParams.getValueAsInt("endDate", -1);
if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
- endYear != -1 && endMonth != -1 && endDate != -1) {
+ endYear != -1 && endMonth != -1 && endDate != -1) {
Calendar calendar = Calendar.getInstance();
calendar.set(beginYear, beginMonth, beginDate);
notBefore = calendar.getTime();
@@ -213,15 +210,15 @@ public class RenewalServlet extends CMSServlet {
X509CertInfo new_certInfo = null;
req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
- req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no});
+ req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no });
if (old_cert != null) {
req.setExtData(IRequest.OLD_CERTS,
- new X509CertImpl[] { old_cert }
- );
+ new X509CertImpl[] { old_cert }
+ );
// create new certinfo from old_cert contents.
X509CertInfo old_certInfo = (X509CertInfo)
- ((X509CertImpl) old_cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ ((X509CertImpl) old_cert).get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
} else {
@@ -229,28 +226,28 @@ public class RenewalServlet extends CMSServlet {
// (serializable) to pass through policies. And set the old
// serial number to pick up.
new_certInfo = new CertInfo();
- new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(old_serial_no));
+ new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(old_serial_no));
}
-
+
if (notBefore == null || notAfter == null) {
notBefore = new Date(0);
notAfter = new Date(0);
}
- new_certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(notBefore, notAfter));
+ new_certInfo.set(X509CertInfo.VALIDITY,
+ new CertificateValidity(notBefore, notAfter));
req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
- );
+ );
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
}
saveHttpHeaders(httpReq, req);
@@ -269,7 +266,7 @@ public class RenewalServlet extends CMSServlet {
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }else {
+ } else {
// request is from eegateway, so fromUser.
initiative = AuditFormat.FROMUSER;
}
@@ -292,51 +289,51 @@ public class RenewalServlet extends CMSServlet {
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "violation: " +
- wholeMsg.toString()}
- // wholeMsg},
- // ILogger.L_MULTILINE
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "violation: " +
+ wholeMsg.toString() }
+ // wholeMsg},
+ // ILogger.L_MULTILINE
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
+ }
+ } else { // other imcomplete status
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.RENEWALFORMAT,
new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
- }
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
}
return;
}
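Review bot: Every audit record in this hunk dereferences `old_cert` (`old_cert.getSubjectDN()`, `old_cert.getSerialNumber()`), yet the hunk at -213 tests the same variable with `if (old_cert != null)` and has an else branch, so it can apparently be null here. In that case a NullPointerException would end the request before the audit entry is written, and these incomplete-status renewals would leave no audit record. Consider a null-safe value such as `old_cert != null ? old_cert.getSubjectDN() : "unknown"` and logging `old_serial_no` for the serial. The audit calls in the hunks at -365 and -393 follow the same pattern. process() starts and ends outside this hunk.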
@@ -345,15 +342,15 @@ public class RenewalServlet extends CMSServlet {
Integer result = req.getExtDataInInteger(IRequest.RESULT);
CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
+ "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
+ "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -365,19 +362,19 @@ public class RenewalServlet extends CMSServlet {
//err.toString());
cmsReq.setErrorDescription(err);
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
}
}
@@ -393,27 +390,27 @@ public class RenewalServlet extends CMSServlet {
long endTime = CMS.getCurrentDate().getTime();
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+ );
return;
}
private void respondSuccess(
- CMSRequest cmsReq, X509CertImpl renewed_cert)
- throws EBaseException {
- cmsReq.setResult(new X509CertImpl[] {renewed_cert}
- );
+ CMSRequest cmsReq, X509CertImpl renewed_cert)
+ throws EBaseException {
+ cmsReq.setResult(new X509CertImpl[] { renewed_cert }
+ );
cmsReq.setStatus(CMSRequest.SUCCESS);
// check if cert should be imported.
@@ -425,45 +422,45 @@ public class RenewalServlet extends CMSServlet {
String certType = httpParams.getValueAsString(CERT_TYPE, "client");
String agent = httpReq.getHeader("user-agent");
- if (checkImportCertToNav(cmsReq.getHttpResp(),
+ if (checkImportCertToNav(cmsReq.getHttpResp(),
httpParams, renewed_cert)) {
return;
} else {
try {
- renderTemplate(cmsReq,
- mRenewalSuccessTemplate, mRenewalSuccessFiller);
+ renderTemplate(cmsReq,
+ mRenewalSuccessTemplate, mRenewalSuccessFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
- mRenewalSuccessTemplate, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ mRenewalSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
- protected BigInteger getRenewedCert(ICertRecord certRec)
- throws EBaseException {
+ protected BigInteger getRenewedCert(ICertRecord certRec)
+ throws EBaseException {
BigInteger renewedCert = null;
String serial = null;
- MetaInfo meta = certRec.getMetaInfo();
+ MetaInfo meta = certRec.getMetaInfo();
if (meta == null) {
- log(ILogger.LL_INFO,
- "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
return null;
}
serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
if (serial == null) {
- log(ILogger.LL_INFO,
- "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
return null;
}
renewedCert = new BigInteger(serial);
- log(ILogger.LL_INFO,
- "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
- certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
+ certRec.getSerialNumber().toString(16));
return renewedCert;
}
@@ -471,27 +468,27 @@ public class RenewalServlet extends CMSServlet {
* get certs to renew from agent.
*/
private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ IArgBlock httpParams, X509Certificate[] certContainer)
+ throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
}
certContainer[0] = cert;
@@ -502,23 +499,23 @@ public class RenewalServlet extends CMSServlet {
* get cert to renew from auth manager
*/
private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
+ IAuthToken authToken, X509Certificate[] certContainer)
+ throws EBaseException {
X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
+ if (mAuthority instanceof ICertificateAuthority &&
+ !isCertFromCA(cert)) {
log(ILogger.LL_FAILURE, "certficate from auth manager for " +
- " renewal is not from this ca.");
+ " renewal is not from this ca.");
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
index 9b39acc7..875f2ab6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Perform the first step in revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class RevocationServlet extends CMSServlet {
@@ -85,15 +83,15 @@ public class RevocationServlet extends CMSServlet {
private Random mRandom = null;
private Nonces mNonces = null;
-
public RevocationServlet() {
super();
}
/**
- * initialize the servlet. This servlet uses
- * the template file "reasonToRevoke.template" to render the
- * result.
+ * initialize the servlet. This servlet uses
+ * the template file "reasonToRevoke.template" to render the
+ * result.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -115,7 +113,7 @@ public class RevocationServlet extends CMSServlet {
}
}
- // set to false by revokeByDN=false in web.xml
+ // set to false by revokeByDN=false in web.xml
mRevokeByDN = false;
String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
@@ -127,17 +125,16 @@ public class RevocationServlet extends CMSServlet {
}
}
-
/**
- * Process the HTTP request. Note that this servlet does not
- * actually perform the certificate revocation. This is the first
- * step in the multi-step revocation process. (the next step is
+ * Process the HTTP request. Note that this servlet does not
+ * actually perform the certificate revocation. This is the first
+ * step in the multi-step revocation process. (the next step is
* in the ReasonToRevoke servlet.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -148,7 +145,7 @@ public class RevocationServlet extends CMSServlet {
// - old certs from auth manager
// - coming from agent or trusted RA:
// - serial no of cert to be revoked.
-
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
String revokeAll = null;
@@ -159,10 +156,10 @@ public class RevocationServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -178,17 +175,17 @@ public class RevocationServlet extends CMSServlet {
mAuthzResourceName, "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
// coming from agent
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
X509Certificate[] cert = new X509Certificate[1];
@@ -199,7 +196,7 @@ public class RevocationServlet extends CMSServlet {
else {
// from auth manager
X509CertImpl[] cert = new X509CertImpl[1];
-
+
old_serial_no = getCertFromAuthMgr(authToken, cert);
old_cert = cert[0];
}
@@ -212,7 +209,7 @@ public class RevocationServlet extends CMSServlet {
if (mNonces != null) {
long n = mRandom.nextLong();
- long m = mNonces.addNonce(n, (X509Certificate)old_cert);
+ long m = mNonces.addNonce(n, (X509Certificate) old_cert);
if ((n + m) != 0) {
header.addStringValue("nonce", Long.toString(m));
}
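Review bot: The nonce added here comes from `mRandom.nextLong()`, and the field is declared as plain `Random` (hunk at -85); where it is constructed is outside the visible hunks. If it is a `java.util.Random`, its output is predictable from a few observed values, which would weaken whatever the nonce protects in the later revocation step. The field should hold a `java.security.SecureRandom`, with a comment on the declaration saying so. The `(n + m) != 0` test also deserves a one-line comment explaining what `addNonce` returns, since that is not evident from this hunk.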
@@ -229,12 +226,12 @@ public class RevocationServlet extends CMSServlet {
} else if (mAuthority instanceof IRegistrationAuthority) {
IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
- X509CertInfo.SUBJECT + "=" +
- old_cert.getSubjectDN().toString() + ")(|(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_VALID + ")(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_EXPIRED + ")))";
+ X509CertInfo.SUBJECT + "=" +
+ old_cert.getSubjectDN().toString() + ")(|(" +
+ ICertRecord.ATTR_CERT_STATUS + "=" +
+ ICertRecord.STATUS_VALID + ")(" +
+ ICertRecord.ATTR_CERT_STATUS + "=" +
+ ICertRecord.STATUS_EXPIRED + ")))";
req.setExtData(IRequest.CERT_FILTER, filter);
mRequestQueue.processRequest(req);
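Review bot: The LDAP search filter is built by concatenating `old_cert.getSubjectDN().toString()` without escaping, so a subject DN containing `(`, `)`, `*` or `\` changes the filter's structure or makes it invalid. In this `IRegistrationAuthority` branch the certificate does not appear to pass the `isCertFromCA` check, which `getCertFromAuthMgr` applies only when `mAuthority` is an `ICertificateAuthority`, so the DN should be treated as untrusted. Escape the value per RFC 4515 before appending it (each special character replaced by a backslash and its two-digit hex code), using an existing helper if the code base has one. The statement sits inside process(), which extends beyond this hunk.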
@@ -271,8 +268,8 @@ public class RevocationServlet extends CMSServlet {
if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
(!authorized))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
}
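Review bot: The failure log uses `CA_CERT_ALREADY_REVOKED_1` even when the condition fired because of `!authorized`, so a request for a certificate the caller may not revoke is recorded as an already-revoked certificate. A separate log message for the `!authorized` case would let the log distinguish the two; the user-facing message can stay generic. How `authorized` is computed is outside this hunk, so confirm the intent there.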
@@ -296,15 +293,15 @@ public class RevocationServlet extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- certsToRevoke[i].getSerialNumber().toString(16));
+ certsToRevoke[i].getSerialNumber().toString(16));
rarg.addStringValue("serialNumberDecimal",
- certsToRevoke[i].getSerialNumber().toString());
+ certsToRevoke[i].getSerialNumber().toString());
rarg.addStringValue("subject",
- certsToRevoke[i].getSubjectDN().toString());
+ certsToRevoke[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certsToRevoke[i].getNotBefore().getTime() / 1000);
+ certsToRevoke[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certsToRevoke[i].getNotAfter().getTime() / 1000);
+ certsToRevoke[i].getNotAfter().getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
} else {
@@ -313,7 +310,7 @@ public class RevocationServlet extends CMSServlet {
}
// set revocation reason, default to unspecified if not set.
- int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
+ int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
header.addIntegerValue("reason", reasonCode);
@@ -324,10 +321,10 @@ public class RevocationServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
@@ -337,28 +334,28 @@ public class RevocationServlet extends CMSServlet {
* get cert to revoke from agent.
*/
private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ IArgBlock httpParams, X509Certificate[] certContainer)
+ throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
}
certContainer[0] = cert;
@@ -369,22 +366,22 @@ public class RevocationServlet extends CMSServlet {
* get cert to revoke from auth manager
*/
private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
+ IAuthToken authToken, X509Certificate[] certContainer)
+ throws EBaseException {
X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
+ if (mAuthority instanceof ICertificateAuthority &&
+ !isCertFromCA(cert)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -393,4 +390,3 @@ public class RevocationServlet extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
index 3a571d44..cfc562d7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
@@ -31,21 +30,21 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Certificates Template filler.
- * must have list of certificates in result.
+ * Certificates Template filler.
+ * must have list of certificates in result.
* looks at inputs: certtype.
- * outputs:
- * - cert type from http input (if any)
- * - CA chain
- * - authority name (RM, CM, DRM)
- * - scheme:host:port of server.
- * array of one or more
- * - cert serial number
- * - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * outputs:
+ * - cert type from http input (if any)
+ * - CA chain
+ * - authority name (RM, CM, DRM)
+ * - scheme:host:port of server.
+ * array of one or more
+ * - cert serial number
+ * - cert pretty print
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
+ *
* @version $Revision$, $Date$
*/
class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -61,8 +60,8 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -77,13 +76,13 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.SCHEME, scheme);
// this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// XXX CA chain.
- RevokedCertImpl[] revoked =
- (RevokedCertImpl[]) cmsReq.getResult();
+ RevokedCertImpl[] revoked =
+ (RevokedCertImpl[]) cmsReq.getResult();
// revoked certs.
for (int i = 0; i < revoked.length; i++) {
@@ -96,4 +95,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index 17bad7a1..01bcfbc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchCerts extends CMSServlet {
@@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses srchCert.template
- * to render the response
+ * initialize the servlet. This servlet uses srchCert.template
+ * to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -145,15 +144,14 @@ public class SrchCerts extends CMSServlet {
the client applications that submits raw LDAP
filter into this servlet. */
if (sc.getInitParameter("useClientFilter") != null &&
- sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
+ sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
mUseClientFilter = true;
}
}
- private boolean isOn(HttpServletRequest req, String name)
- {
+ private boolean isOn(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("on")) {
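Review bot: The `useClientFilter` init parameter, per the comment above it, serves client applications that submit a raw LDAP filter to this servlet, but nothing where `mUseClientFilter` is set states the consequence of enabling it. A comment such as `// SECURITY: enables client-supplied LDAP filters; leave off unless every caller is trusted` would make the risk visible to whoever edits web.xml. How `mUseClientFilter` is consumed is outside this hunk, so check the wording against that code. init() begins before this hunk.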
@@ -162,10 +160,9 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private boolean isOff(HttpServletRequest req, String name)
- {
+ private boolean isOff(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("off")) {
@@ -174,8 +171,7 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "statusInUse")) {
return;
}
@@ -185,8 +181,7 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildProfileFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "profileInUse")) {
return;
}
@@ -196,16 +191,14 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "basicConstraintsInUse")) {
return;
}
filter.append("(x509cert.BasicConstraints.isCA=on)");
}
- private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "serialNumberRangeInUse")) {
return;
}
@@ -225,9 +218,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildAVAFilter(HttpServletRequest req, String paramName,
- String avaName, StringBuffer lf, String match)
- {
+ private void buildAVAFilter(HttpServletRequest req, String paramName,
+ String avaName, StringBuffer lf, String match) {
String val = req.getParameter(paramName);
if (val != null && !val.equals("")) {
if (match != null && match.equals("exact")) {
@@ -254,8 +246,7 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "subjectInUse")) {
return;
}
@@ -286,9 +277,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildRevokedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildRevokedByFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "revokedByInUse")) {
return;
}
@@ -302,10 +292,9 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildDateFilter(HttpServletRequest req, String prefix,
+ private void buildDateFilter(HttpServletRequest req, String prefix,
String outStr, long adjustment,
- StringBuffer filter)
- {
+ StringBuffer filter) {
String queryCertFilter = null;
long epoch = 0;
try {
@@ -324,19 +313,17 @@ public class SrchCerts extends CMSServlet {
}
private void buildRevokedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revokedOnInUse")) {
return;
}
buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
- buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
+ buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
filter);
}
private void buildRevocationReasonFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revocationReasonInUse")) {
return;
}
@@ -347,23 +334,22 @@ public class SrchCerts extends CMSServlet {
String queryCertFilter = null;
StringTokenizer st = new StringTokenizer(reasons, ",");
if (st.hasMoreTokens()) {
- filter.append("(|");
- while (st.hasMoreTokens()) {
- String token = st.nextToken();
- if (queryCertFilter == null) {
- queryCertFilter = "";
- }
- filter.append("(x509cert.certRevoInfo=");
- filter.append(token);
- filter.append(")");
- }
- filter.append(")");
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(token);
+ filter.append(")");
+ }
+ filter.append(")");
}
}
- private void buildIssuedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildIssuedByFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "issuedByInUse")) {
return;
}
@@ -378,43 +364,39 @@ public class SrchCerts extends CMSServlet {
}
private void buildIssuedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "issuedOnInUse")) {
return;
}
buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
- buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
+ buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
filter);
}
private void buildValidNotBeforeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotBeforeInUse")) {
return;
}
- buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
+ buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
0, filter);
- buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
+ buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
86399999, filter);
}
private void buildValidNotAfterFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotAfterInUse")) {
return;
}
- buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
+ buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
0, filter);
- buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
+ buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
86399999, filter);
}
private void buildValidityLengthFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validityLengthInUse")) {
return;
}
@@ -439,8 +421,7 @@ public class SrchCerts extends CMSServlet {
}
private void buildCertTypeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "certTypeInUse")) {
return;
}
@@ -471,8 +452,7 @@ public class SrchCerts extends CMSServlet {
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
StringBuffer filter = new StringBuffer();
@@ -504,10 +484,10 @@ public class SrchCerts extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert?
+ * [maxCount=<number>]
+ * [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -522,10 +502,10 @@ public class SrchCerts extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -551,10 +531,10 @@ public class SrchCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -571,10 +551,10 @@ public class SrchCerts extends CMSServlet {
String queryCertFilter = buildFilter(req);
process(argSet, header, queryCertFilter,
- revokeAll, maxResults, timeLimit, req, resp, locale[0]);
+ revokeAll, maxResults, timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -585,33 +565,33 @@ public class SrchCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, String revokeAll,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, String revokeAll,
+ int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -629,7 +609,7 @@ public class SrchCerts extends CMSServlet {
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
- Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
+ Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
int count = 0;
@@ -671,7 +651,8 @@ public class SrchCerts extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
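Review bot: Splitting `if (now == null) now = new Date();` over two lines without braces leaves the body marked by indentation alone, so a later edit can add a second statement that runs unconditionally. Since this is a formatting pass, brace it: `if (now == null) {`, `now = new Date();`, `}`. The same split appears for `issuedBy` later in this file, for `revReason` and `crlIssuingPointId` in UpdateCRL.java, and for `crlIssuingPointId` in UpdateDir.java. The enclosing method starts and ends outside this hunk.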
@@ -687,7 +668,7 @@ public class SrchCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -695,9 +676,9 @@ public class SrchCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
@@ -708,7 +689,7 @@ public class SrchCerts extends CMSServlet {
String subject = (String) cert.getSubjectDN().toString();
if (subject.equals("")) {
- rarg.addStringValue("subject", " ");
+ rarg.addStringValue("subject", " ");
} else {
rarg.addStringValue("subject", subject);
@@ -744,12 +725,13 @@ public class SrchCerts extends CMSServlet {
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index b10086e1..77fbc85a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Force the CRL to be updated now.
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateCRL extends CMSServlet {
@@ -96,32 +94,31 @@ public class UpdateCRL extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output orw own template.
+
+ // override success to do output orw own template.
mTemplates.remove(CMSRequest.SUCCESS);
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
- * <li>http.param waitForUpdate true/false - should the servlet wait until
- * the CRL update is complete?
- * <li>http.param clearCRLCache true/false - should the CRL cache cleared
- * before the CRL is generated?
+ * <li>http.param waitForUpdate true/false - should the servlet wait until the CRL update is complete?
+ * <li>http.param clearCRLCache true/false - should the CRL cache cleared before the CRL is generated?
* <li>http.param crlIssuingPoint the CRL Issuing Point to Update
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl", true /* main action */);
+ statsSub.startTiming("crl", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -133,16 +130,16 @@ public class UpdateCRL extends CMSServlet {
mAuthzResourceName, "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
return;
}
@@ -159,21 +156,21 @@ public class UpdateCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
- String signatureAlgorithm =
- req.getParameter("signatureAlgorithm");
+ String signatureAlgorithm =
+ req.getParameter("signatureAlgorithm");
- process(argSet, header, req, resp,
- signatureAlgorithm, locale[0]);
+ process(argSet, header, req, resp,
+ signatureAlgorithm, locale[0]);
} catch (EBaseException e) {
error = e;
}
@@ -184,42 +181,43 @@ public class UpdateCRL extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
}
- private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+ private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
CRLExtensions entryExts = new CRLExtensions();
CRLReasonExtension crlReasonExtn = null;
if (reason != null && reason.length() > 0) {
try {
RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
- if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+ if (revReason == null)
+ revReason = RevocationReason.UNSPECIFIED;
crlReasonExtn = new CRLReasonExtension(revReason);
} catch (Exception e) {
- CMS.debug("Invalid revocation reason: "+reason);
+ CMS.debug("Invalid revocation reason: " + reason);
}
}
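Review bot: `statsSub.endTiming("crl")` is repeated by hand on each exit path of `process(CMSRequest)`: the `IOException` catch and the normal end here, and the authorization and template failures in the earlier hunks. Any unchecked exception thrown after `startTiming` skips all of them. What an unclosed timing does to the stats subsystem is not visible from here, but a single `try { ... } finally { if (statsSub != null) statsSub.endTiming("crl"); }` around the body would close it on every path and remove the four copies. The method starts outside this hunk.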
@@ -229,15 +227,15 @@ public class UpdateCRL extends CMSServlet {
Date invalidityDate = null;
try {
long backInTime = Long.parseLong(invalidity);
- invalidityDate = new Date(now-(backInTime*60000));
+ invalidityDate = new Date(now - (backInTime * 60000));
} catch (Exception e) {
- CMS.debug("Invalid invalidity time offset: "+invalidity);
+ CMS.debug("Invalid invalidity time offset: " + invalidity);
}
if (invalidityDate != null) {
try {
invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
} catch (Exception e) {
- CMS.debug("Error creating invalidity extension: "+e);
+ CMS.debug("Error creating invalidity extension: " + e);
}
}
}
@@ -246,7 +244,7 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
} catch (Exception e) {
- CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+ CMS.debug("Error adding revocation reason extension to entry extensions: " + e);
}
}
@@ -254,7 +252,7 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
} catch (Exception e) {
- CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+ CMS.debug("Error adding invalidity date extension to entry extensions: " + e);
}
}
@@ -293,18 +291,18 @@ public class UpdateCRL extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String signatureAlgorithm,
+ Locale locale)
+ throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
- String waitForUpdate =
- req.getParameter("waitForUpdate");
- String clearCache =
- req.getParameter("clearCRLCache");
- String crlIssuingPointId =
- req.getParameter("crlIssuingPoint");
+ String waitForUpdate =
+ req.getParameter("waitForUpdate");
+ String clearCache =
+ req.getParameter("clearCRLCache");
+ String crlIssuingPointId =
+ req.getParameter("crlIssuingPoint");
String test = req.getParameter("test");
String add = req.getParameter("add");
String from = req.getParameter("from");
@@ -317,45 +315,46 @@ public class UpdateCRL extends CMSServlet {
Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
while (ips.hasMoreElements()) {
- ICRLIssuingPoint ip = ips.nextElement();
+ ICRLIssuingPoint ip = ips.nextElement();
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
}
- ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ ICRLIssuingPoint crlIssuingPoint =
+ mCA.getCRLIssuingPoint(crlIssuingPointId);
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
IPublisherProcessor lpm = mCA.getPublisherProcessor();
if (crlIssuingPoint != null) {
if (clearCache != null && clearCache.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
+ crlIssuingPoint.isCRLGenerationEnabled() &&
+ crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+ crlIssuingPoint.isCRLIssuingPointInitialized()
== ICRLIssuingPoint.CRL_IP_INITIALIZED) {
crlIssuingPoint.clearCRLCache();
}
if (waitForUpdate != null && waitForUpdate.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
+ crlIssuingPoint.isCRLGenerationEnabled() &&
+ crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+ crlIssuingPoint.isCRLIssuingPointInitialized()
== ICRLIssuingPoint.CRL_IP_INITIALIZED) {
if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- (!mTesting.contains(crlIssuingPointId))) {
+ crlIssuingPoint.isCRLCacheTestingEnabled() &&
+ (!mTesting.contains(crlIssuingPointId))) {
CMS.debug("CRL test started.");
mTesting.add(crlIssuingPointId);
BigInteger addLen = null;
BigInteger startFrom = null;
if (add != null && add.length() > 0 &&
- from != null && from.length() > 0) {
+ from != null && from.length() > 0) {
try {
addLen = new BigInteger(add);
startFrom = new BigInteger(from);
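Review bot: The loop that checks `crlIssuingPointId` against `mCA.getCRLIssuingPoints()` only resets the value to `null` from inside the loop body. If the enumeration is empty, the request-supplied ID is never checked and is passed on to `mCA.getCRLIssuingPoint(...)` and `header.addStringValue("crlIssuingPoint", crlIssuingPointId)`. The later `crlIssuingPoint != null` test probably keeps this from acting on an unknown point, but the unvalidated string still reaches the output header. Tracking the match explicitly is clearer: set a `found` flag before `break` and assign `crlIssuingPointId = null` after the loop when it is still false. The `if` that guards this loop begins outside the hunk.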
@@ -366,7 +365,7 @@ public class UpdateCRL extends CMSServlet {
Date revocationDate = CMS.getCurrentDate();
String err = null;
- CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+ CRLExtensions entryExts = crlEntryExtensions(reason, invalidity);
BigInteger serialNumber = startFrom;
BigInteger counter = addLen;
@@ -380,16 +379,16 @@ public class UpdateCRL extends CMSServlet {
long t1 = System.currentTimeMillis();
long t2 = 0;
-
+
while (counter.compareTo(BigInteger.ZERO) > 0) {
RevokedCertImpl revokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExts);
+ new RevokedCertImpl(serialNumber, revocationDate, entryExts);
crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
serialNumber = serialNumber.add(BigInteger.ONE);
counter = counter.subtract(BigInteger.ONE);
if ((counter.compareTo(BigInteger.ZERO) == 0) ||
- (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+ (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
t2 = System.currentTimeMillis();
long t0 = t2 - t1;
t1 = t2;
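Review bot: The `while (counter.compareTo(BigInteger.ZERO) > 0)` loop adds one `RevokedCertImpl` per iteration with no visible upper bound. `counter` starts from `addLen`, which the preceding hunk parses from the `add` request parameter, so one request with a very large value keeps the servlet thread and the issuing point's cache busy for as long as the value dictates. The path is gated by `isCRLCacheTestingEnabled()`, but a cap is cheap: reject the request when `addLen` exceeds a configured limit, for example `if (addLen.compareTo(MAX_TEST_ENTRIES) > 0)`, where `MAX_TEST_ENTRIES` is a placeholder name. Also confirm that `stepBy`, which is assigned outside this hunk, is positive before `counter.mod(stepBy)`, since `BigInteger.mod` throws for a non-positive modulus.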
@@ -465,40 +464,40 @@ public class UpdateCRL extends CMSServlet {
String agentId = (String) sContext.get(SessionContext.USER_ID);
IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
long endTime = CMS.getCurrentDate().getTime();
if (crlIssuingPoint.getNextUpdate() != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- crlIssuingPoint.getNextUpdate(),
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
- }else {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- "not set",
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ crlIssuingPoint.getNextUpdate(),
+ Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+ );
+ } else {
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ "not set",
+ Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+ );
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
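Review bot: The two `mLogger.log(ILogger.EV_AUDIT, ...)` calls differ only in the seventh array element, `crlIssuingPoint.getNextUpdate()` versus `"not set"`. Keeping two copies of an audit record layout invites them to drift apart on a later edit. Compute the value once, `Object nextUpdate = (crlIssuingPoint.getNextUpdate() != null) ? crlIssuingPoint.getNextUpdate() : "not set";`, and emit a single log call. `agentId` comes from the session context and may be null in the visible lines, so the record can read `agentID: null`; say in a comment whether that is intended. The enclosing `try` starts outside this hunk.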
@@ -511,8 +510,7 @@ public class UpdateCRL extends CMSServlet {
}
}
} else {
- if (crlIssuingPoint.isCRLIssuingPointInitialized()
- != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
header.addStringValue("crlUpdate", "notInitialized");
} else if (crlIssuingPoint.isCRLUpdateInProgress()
!= ICRLIssuingPoint.CRL_UPDATE_DONE ||
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..27de7b28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Update the configured LDAP server with specified objects
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateDir extends CMSServlet {
@@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet {
private final static int REVOKED_FROM = 10;
private final static int REVOKED_TO = 11;
private final static int CHECK_FLAG = 12;
- private final static String[] updateName =
- {"updateAll", "updateCRL", "updateCA",
- "updateValid", "validFrom", "validTo",
- "updateExpired", "expiredFrom", "expiredTo",
- "updateRevoked", "revokedFrom", "revokedTo",
- "checkFlag"};
+ private final static String[] updateName =
+ { "updateAll", "updateCRL", "updateCA",
+ "updateValid", "validFrom", "validTo",
+ "updateExpired", "expiredFrom", "expiredTo",
+ "updateRevoked", "revokedFrom", "revokedTo",
+ "checkFlag" };
private String mFormPath = null;
private ICertificateAuthority mCA = null;
@@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- if( mAuthority != null ) {
+ if (mAuthority != null) {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet {
mAuthzResourceName, "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
if (mPublisherProcessor == null ||
- !mPublisherProcessor.enabled())
+ !mPublisherProcessor.enabled())
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
String[] updateValue = new String[updateName.length];
@@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet {
String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
mClonedCA = true;
}
@@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void updateCRLIssuingPoint(
- IArgBlock header,
- String crlIssuingPointId,
- ICRLIssuingPoint crlIssuingPoint,
- Locale locale) {
+ IArgBlock header,
+ String crlIssuingPointId,
+ ICRLIssuingPoint crlIssuingPoint,
+ Locale locale) {
SessionContext sc = SessionContext.getContext();
sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet {
try {
if (mCRLRepository != null) {
- crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+ crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
- String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null;
+ String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
X509CRLImpl crl = null;
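Review bot: The `crlbytes == null` branch logs `CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")` with an empty argument, while the `crlRecord == null` branch just above passes `crlIssuingPointId` to the same message. The second failure is therefore logged without naming the issuing point it concerns. Pass the ID here as well: `CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)`. `updateCRLIssuingPoint` continues outside this hunk.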
@@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet {
if (crl == null) {
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
} else {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, crl);
} else {
- mPublisherProcessor.publishCRL(crl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
}
header.addStringValue("crlPublished", "Success");
} catch (ELdapException e) {
@@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet {
BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
Long deltaCRLSize = crlRecord.getDeltaCRLSize();
if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
- crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) {
+ crlNumber != null && deltaNumber != null &&
+ deltaNumber.compareTo(crlNumber) >= 0) {
goodDelta = true;
}
}
if (deltaCrl != null && ((mClonedCA && goodDelta) ||
- (crlIssuingPoint != null &&
- crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+ (crlIssuingPoint != null &&
+ crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, deltaCrl);
} else {
- mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
}
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
@@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String crlIssuingPointId,
- String[] updateValue,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String crlIssuingPointId,
+ String[] updateValue,
+ Locale locale)
+ throws EBaseException {
// all or crl
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CRL] != null &&
+ (updateValue[UPDATE_CRL] != null &&
updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
// check if received issuing point ID is known to the server
if (crlIssuingPointId != null) {
@@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet {
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
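Review bot: The reformatted `if (!ips.hasMoreElements())` in this hunk now spans two lines without braces, so a statement added under it later would silently fall outside the condition. Since the line is being rewritten anyway, I would brace it: `if (!ips.hasMoreElements()) { crlIssuingPointId = null; }`. This statement decides whether the issuing point ID from the request is treated as unknown, so the control flow should be unambiguous. The enclosing loop in process() starts above this hunk, so the note covers only this statement.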
@@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet {
Vector ipNames = mCRLRepository.getIssuingPointsNames();
if (ipNames != null && ipNames.size() > 0) {
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
updateCRLIssuingPoint(header, ipName, null, locale);
}
@@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet {
}
} else {
ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ mCA.getCRLIssuingPoint(crlIssuingPointId);
ICRLIssuingPointRecord crlRecord = null;
- updateCRLIssuingPoint(header, crlIssuingPointId,
- crlIssuingPoint, locale);
+ updateCRLIssuingPoint(header, crlIssuingPointId,
+ crlIssuingPoint, locale);
}
}
@@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet {
// all or ca
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CA] != null &&
+ (updateValue[UPDATE_CA] != null &&
updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
@@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet {
// all or valid
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_VALID] != null &&
+ (updateValue[UPDATE_VALID] != null &&
updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[VALID_FROM].startsWith("0x")) {
@@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet {
Enumeration validCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- validCerts =
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ validCerts =
certificateRepository.getValidNotPublishedCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ updateValue[VALID_FROM],
+ updateValue[VALID_TO]);
} else {
- validCerts =
+ validCerts =
certificateRepository.getValidCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ updateValue[VALID_FROM],
+ updateValue[VALID_TO]);
}
int i = 0;
int l = 0;
@@ -438,7 +437,7 @@ public class UpdateDir extends CMSServlet {
if (validCerts != null) {
while (validCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) validCerts.nextElement();
+ (ICertRecord) validCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
- SessionContext sc = SessionContext.getContext();
+ SessionContext sc = SessionContext.getContext();
if (r == null) {
if (CMS.isEncryptionCert(cert))
sc.put((Object) "isEncryptionCert", (Object) "true");
- else
+ else
sc.put((Object) "isEncryptionCert", (Object) "false");
mPublisherProcessor.publishCert(cert, null);
} else {
if (CMS.isEncryptionCert(cert))
r.setExtData("isEncryptionCert", "true");
- else
+ else
r.setExtData("isEncryptionCert", "false");
mPublisherProcessor.publishCert(cert, r);
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
+ e.toString()));
validCertsError +=
"Failed to publish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ certRecord.getSerialNumber().toString(16) +
+ ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
header.addStringValue("validCertsPublished",
- "Success");
+ "Success");
if (i == 1)
- header.addStringValue("validCertsError", i +
- " valid certificate is published in the directory.");
+ header.addStringValue("validCertsError", i +
+ " valid certificate is published in the directory.");
else
- header.addStringValue("validCertsError", i +
- " valid certificates are published in the directory.");
+ header.addStringValue("validCertsError", i +
+ " valid certificates are published in the directory.");
} else {
if (l == 0) {
header.addStringValue("validCertsPublished", "No");
} else {
header.addStringValue("validCertsPublished", "Failure");
- header.addStringValue("validCertsError",
- validCertsError);
+ header.addStringValue("validCertsError",
+ validCertsError);
}
}
} else {
@@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet {
// all or expired
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_EXPIRED] != null &&
+ (updateValue[UPDATE_EXPIRED] != null &&
updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[EXPIRED_FROM].startsWith("0x")) {
@@ -537,25 +536,25 @@ public class UpdateDir extends CMSServlet {
Enumeration expiredCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
expiredCerts =
certificateRepository.getExpiredPublishedCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
} else {
expiredCerts =
certificateRepository.getExpiredCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
}
int i = 0;
int l = 0;
StringBuffer expiredCertsError = new StringBuffer();
- if (expiredCerts != null) {
+ if (expiredCerts != null) {
while (expiredCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) expiredCerts.nextElement();
+ (ICertRecord) expiredCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+ certRecord.getSerialNumber().toString(16),
+ e.toString()));
expiredCertsError.append(
"Failed to unpublish certificate: 0x");
expiredCertsError.append(
@@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet {
if (i > 0 && i == l) {
header.addStringValue("expiredCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("expiredCertsError", i +
- " expired certificate is unpublished in the directory.");
+ header.addStringValue("expiredCertsError", i +
+ " expired certificate is unpublished in the directory.");
else
- header.addStringValue("expiredCertsError", i +
- " expired certificates are unpublished in the directory.");
+ header.addStringValue("expiredCertsError", i +
+ " expired certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("expiredCertsUnpublished", "No");
} else {
header.addStringValue("expiredCertsUnpublished", "Failure");
- header.addStringValue("expiredCertsError",
- expiredCertsError.toString());
+ header.addStringValue("expiredCertsError",
+ expiredCertsError.toString());
}
}
} else {
@@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet {
// all or revoked
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_REVOKED] != null &&
+ (updateValue[UPDATE_REVOKED] != null &&
updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[REVOKED_FROM].startsWith("0x")) {
@@ -646,25 +645,25 @@ public class UpdateDir extends CMSServlet {
Enumeration revokedCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
revokedCerts =
certificateRepository.getRevokedPublishedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
} else {
revokedCerts =
certificateRepository.getRevokedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
}
int i = 0;
int l = 0;
String revokedCertsError = "";
- if (revokedCerts != null) {
+ if (revokedCerts != null) {
while (revokedCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) revokedCerts.nextElement();
+ (ICertRecord) revokedCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+ certRecord.getSerialNumber().toString(16),
+ e.toString()));
revokedCertsError +=
"Failed to unpublish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ certRecord.getSerialNumber().toString(16) +
+ ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
header.addStringValue("revokedCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("revokedCertsError", i +
- " revoked certificate is unpublished in the directory.");
+ header.addStringValue("revokedCertsError", i +
+ " revoked certificate is unpublished in the directory.");
else
- header.addStringValue("revokedCertsError", i +
- " revoked certificates are unpublished in the directory.");
+ header.addStringValue("revokedCertsError", i +
+ " revoked certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("revokedCertsUnpublished", "No");
} else {
header.addStringValue("revokedCertsUnpublished", "Failure");
- header.addStringValue("revokedCertsError",
- revokedCertsError);
+ header.addStringValue("revokedCertsError",
+ revokedCertsError);
}
}
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index f181e156..da78a38e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
import com.netscape.cmsutil.scep.CRSPKIMessage;
-
/**
* This servlet deals with PKCS#10-based certificate requests from
* CRS, now called SCEP, and defined at:
- * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
+ * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
*
* The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
+ *
* The HTTP parameters are 'operation' and 'message'
* operation can be either 'GetCACert' or 'PKIOperation'
- *
+ *
* @version $Revision$, $Date$
*/
-public class CRSEnrollment extends HttpServlet
-{
- /**
+public class CRSEnrollment extends HttpServlet {
+ /**
*
*/
private static final long serialVersionUID = 8483002540957382369L;
-protected IProfileSubsystem mProfileSubsystem = null;
- protected String mProfileId = null;
- protected ICertAuthority mAuthority;
- protected IConfigStore mConfig = null;
- protected IAuthSubsystem mAuthSubsystem;
- protected String mAppendDN=null;
- protected String mEntryObjectclass=null;
- protected boolean mCreateEntry=false;
- protected boolean mFlattenDN=false;
-
- private String mAuthManagerName;
- private String mSubstoreName;
- private boolean mEnabled = false;
- private boolean mUseCA = true;
- private String mNickname = null;
- private String mTokenName = "";
- private String mHashAlgorithm = "SHA1";
- private String mHashAlgorithmList = null;
- private String[] mAllowedHashAlgorithm;
- private String mConfiguredEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithmList = null;
- private String[] mAllowedEncryptionAlgorithm;
- private Random mRandom = null;
- private int mNonceSizeLimit = 0;
- protected ILogger mLogger = CMS.getLogger();
- private ICertificateAuthority ca;
- /* for hashing challenge password */
- protected MessageDigest mSHADigest = null;
-
- private static final String PROP_SUBSTORENAME = "substorename";
- private static final String PROP_AUTHORITY = "authority";
- private static final String PROP_CRS = "crs";
- private static final String PROP_CRSCA = "casubsystem";
- private static final String PROP_CRSAUTHMGR = "authName";
- private static final String PROP_APPENDDN = "appendDN";
- private static final String PROP_CREATEENTRY= "createEntry";
- private static final String PROP_FLATTENDN = "flattenDN";
- private static final String PROP_ENTRYOC = "entryObjectclass";
-
- // URL parameters
- private static final String URL_OPERATION = "operation";
- private static final String URL_MESSAGE = "message";
-
- // possible values for 'operation'
- private static final String OP_GETCACERT = "GetCACert";
- private static final String OP_PKIOPERATION = "PKIOperation";
-
- public static final String AUTH_PASSWORD = "pwd";
-
- public static final String AUTH_CREDS = "AuthCreds";
- public static final String AUTH_TOKEN = "AuthToken";
- public static final String AUTH_FAILED = "AuthFailed";
-
- public static final String SANE_DNSNAME = "DNSName";
- public static final String SANE_IPADDRESS = "IPAddress";
-
- public static final String CERTINFO = "CertInfo";
- public static final String SUBJECTNAME = "SubjectName";
-
-
- public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
- public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
- public static ObjectIdentifier OID_SERIALNUMBER = null;
-
- public CRSEnrollment(){}
-
- public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
- Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
- @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
- while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- httpReqHash.put(name, req.getParameter(name));
- }
- return httpReqHash;
- }
-
- public void init(ServletConfig sc) {
- // Find the CertificateAuthority we should use for CRS.
- String crsCA = sc.getInitParameter(PROP_AUTHORITY);
- if (crsCA == null)
- crsCA = "ca";
- mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
- ca = (ICertificateAuthority)mAuthority;
-
- if (mAuthority == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA));
- }
-
- try {
- if (mAuthority instanceof ISubsystem) {
- IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore();
- IConfigStore scepConfig = authorityConfig.getSubStore("scep");
- mEnabled = scepConfig.getBoolean("enable", false);
- mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
- mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
- mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
- mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
- mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
- mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
- mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
- mNickname = scepConfig.getString("nickname", ca.getNickname());
- if (mNickname.equals(ca.getNickname())) {
- mTokenName = ca.getSigningUnit().getTokenName();
- } else {
- mTokenName = scepConfig.getString("tokenname", "");
- mUseCA = false;
- }
- if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0)) {
- int i = mNickname.indexOf(':');
- if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
- mNickname = mTokenName + ":" + mNickname;
- }
- }
- }
- } catch (EBaseException e) {
- CMS.debug("CRSEnrollment: init: EBaseException: "+e);
- }
- mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
- CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+".");
- CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname);
- CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname());
- CMS.debug("CRSEnrollment: init: Token name: "+mTokenName);
- CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA);
- CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit);
- CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm);
- CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList);
- for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
- mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]);
- }
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm);
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList);
- for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
- mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]);
- }
-
- try {
- mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
- mProfileId = sc.getInitParameter("profileId");
- CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
-
- mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
- mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
- mAppendDN = sc.getInitParameter(PROP_APPENDDN);
- String tmp = sc.getInitParameter(PROP_CREATEENTRY);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mCreateEntry = true;
- else
- mCreateEntry = false;
- tmp = sc.getInitParameter(PROP_FLATTENDN);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mFlattenDN = true;
- else
- mFlattenDN = false;
- mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
- if (mEntryObjectclass == null)
- mEntryObjectclass = "cep";
- mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
- if (mSubstoreName == null)
- mSubstoreName = "default";
- } catch (Exception e) {
- }
-
- OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
- OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
- OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-
- try {
- mSHADigest = MessageDigest.getInstance("SHA1");
+ protected IProfileSubsystem mProfileSubsystem = null;
+ protected String mProfileId = null;
+ protected ICertAuthority mAuthority;
+ protected IConfigStore mConfig = null;
+ protected IAuthSubsystem mAuthSubsystem;
+ protected String mAppendDN = null;
+ protected String mEntryObjectclass = null;
+ protected boolean mCreateEntry = false;
+ protected boolean mFlattenDN = false;
+
+ private String mAuthManagerName;
+ private String mSubstoreName;
+ private boolean mEnabled = false;
+ private boolean mUseCA = true;
+ private String mNickname = null;
+ private String mTokenName = "";
+ private String mHashAlgorithm = "SHA1";
+ private String mHashAlgorithmList = null;
+ private String[] mAllowedHashAlgorithm;
+ private String mConfiguredEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithmList = null;
+ private String[] mAllowedEncryptionAlgorithm;
+ private Random mRandom = null;
+ private int mNonceSizeLimit = 0;
+ protected ILogger mLogger = CMS.getLogger();
+ private ICertificateAuthority ca;
+ /* for hashing challenge password */
+ protected MessageDigest mSHADigest = null;
+
+ private static final String PROP_SUBSTORENAME = "substorename";
+ private static final String PROP_AUTHORITY = "authority";
+ private static final String PROP_CRS = "crs";
+ private static final String PROP_CRSCA = "casubsystem";
+ private static final String PROP_CRSAUTHMGR = "authName";
+ private static final String PROP_APPENDDN = "appendDN";
+ private static final String PROP_CREATEENTRY = "createEntry";
+ private static final String PROP_FLATTENDN = "flattenDN";
+ private static final String PROP_ENTRYOC = "entryObjectclass";
+
+ // URL parameters
+ private static final String URL_OPERATION = "operation";
+ private static final String URL_MESSAGE = "message";
+
+ // possible values for 'operation'
+ private static final String OP_GETCACERT = "GetCACert";
+ private static final String OP_PKIOPERATION = "PKIOperation";
+
+ public static final String AUTH_PASSWORD = "pwd";
+
+ public static final String AUTH_CREDS = "AuthCreds";
+ public static final String AUTH_TOKEN = "AuthToken";
+ public static final String AUTH_FAILED = "AuthFailed";
+
+ public static final String SANE_DNSNAME = "DNSName";
+ public static final String SANE_IPADDRESS = "IPAddress";
+
+ public static final String CERTINFO = "CertInfo";
+ public static final String SUBJECTNAME = "SubjectName";
+
+ public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
+ public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
+ public static ObjectIdentifier OID_SERIALNUMBER = null;
+
+ public CRSEnrollment() {
+ }
+
+ public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
+ Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
+ @SuppressWarnings("unchecked")
+ Enumeration<String> names = req.getParameterNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ httpReqHash.put(name, req.getParameter(name));
+ }
+ return httpReqHash;
+ }
+
+ public void init(ServletConfig sc) {
+ // Find the CertificateAuthority we should use for CRS.
+ String crsCA = sc.getInitParameter(PROP_AUTHORITY);
+ if (crsCA == null)
+ crsCA = "ca";
+ mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
+ ca = (ICertificateAuthority) mAuthority;
+
+ if (mAuthority == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
+ }
+
+ try {
+ if (mAuthority instanceof ISubsystem) {
+ IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore();
+ IConfigStore scepConfig = authorityConfig.getSubStore("scep");
+ mEnabled = scepConfig.getBoolean("enable", false);
+ mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
+ mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
+ mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
+ mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
+ mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
+ mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
+ mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
+ mNickname = scepConfig.getString("nickname", ca.getNickname());
+ if (mNickname.equals(ca.getNickname())) {
+ mTokenName = ca.getSigningUnit().getTokenName();
+ } else {
+ mTokenName = scepConfig.getString("tokenname", "");
+ mUseCA = false;
+ }
+ if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+ mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) {
+ int i = mNickname.indexOf(':');
+ if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
+ mNickname = mTokenName + ":" + mNickname;
+ }
+ }
+ }
+ } catch (EBaseException e) {
+ CMS.debug("CRSEnrollment: init: EBaseException: " + e);
+ }
+ mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
+ CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + ".");
+ CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
+ CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname());
+ CMS.debug("CRSEnrollment: init: Token name: " + mTokenName);
+ CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
+ CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList);
+ for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
+ mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
+ CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]);
+ }
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm);
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList);
+ for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
+ mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
+ CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]);
+ }
+
+ try {
+ mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
+ mProfileId = sc.getInitParameter("profileId");
+ CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
+
+ mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
+ mAppendDN = sc.getInitParameter(PROP_APPENDDN);
+ String tmp = sc.getInitParameter(PROP_CREATEENTRY);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mCreateEntry = true;
+ else
+ mCreateEntry = false;
+ tmp = sc.getInitParameter(PROP_FLATTENDN);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mFlattenDN = true;
+ else
+ mFlattenDN = false;
+ mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
+ if (mEntryObjectclass == null)
+ mEntryObjectclass = "cep";
+ mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
+ if (mSubstoreName == null)
+ mSubstoreName = "default";
+ } catch (Exception e) {
+ }
+
+ OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
+ OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
+ OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
+
+ try {
+ mSHADigest = MessageDigest.getInstance("SHA1");
+ } catch (NoSuchAlgorithmException e) {
+ }
+
+ mRandom = new Random();
}
- catch (NoSuchAlgorithmException e) {
- }
-
- mRandom = new Random();
- }
-
-
- /**
- *
- * Service a CRS Request. It all starts here. This is where the message from the
- * router is processed
- *
- * @param httpReq The HttpServletRequest.
- * @param httpResp The HttpServletResponse.
- *
- */
- public void service(HttpServletRequest httpReq,
+
+ /**
+ *
+ * Service a CRS Request. It all starts here. This is where the message from the
+ * router is processed
+ *
+ * @param httpReq The HttpServletRequest.
+ * @param httpResp The HttpServletResponse.
+ *
+ */
+ public void service(HttpServletRequest httpReq,
HttpServletResponse httpResp)
- throws ServletException
- {
- boolean running_state = CMS.isInRunningState();
- if (!running_state)
- throw new ServletException(
- "CMS server is not ready to serve.");
+ throws ServletException {
+ boolean running_state = CMS.isInRunningState();
+ if (!running_state)
+ throw new ServletException(
+ "CMS server is not ready to serve.");
String operation = null;
- String message = null;
+ String message = null;
mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-
-
+
// Parse the URL from the HTTP Request. Split it up into
// a structure which enables us to read the form elements
IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-
- try {
+
+ try {
// Read in two form parameters - the router sets these
- operation = (String)input.get(URL_OPERATION);
+ operation = (String) input.get(URL_OPERATION);
CMS.debug("operation=" + operation);
- message = (String)input.get(URL_MESSAGE);
+ message = (String) input.get(URL_MESSAGE);
CMS.debug("message=" + message);
-
+
if (!mEnabled) {
CMS.debug("CRSEnrollment: SCEP support is disabled.");
throw new ServletException("SCEP support is disabled.");
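Review bot: init() keeps going after a failed authority lookup and then dereferences state that was never set. When `mAuthority == null` it only logs, yet `ca.getNickname()` in the debug lines and `mAllowedHashAlgorithm.length` in the loop below are used outside the try, so a missing subsystem or an EBaseException thrown before the `split(",")` calls ends in a NullPointerException. I would add `return;` after the CMSGW_CANT_FIND_AUTHORITY log and wrap the two trim loops in `if (mAllowedHashAlgorithm != null)` and `if (mAllowedEncryptionAlgorithm != null)`. The two empty catch blocks should at least log, e.g. `CMS.debug("CRSEnrollment: init: " + e);`, because a swallowed NoSuchAlgorithmException leaves `mSHADigest` null for the challenge-password hashing. `mRandom = new Random()` is not a cryptographic source; its use is outside this hunk, but if it feeds SCEP nonces or key material it should be `java.security.SecureRandom`, which would also need an import.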
@@ -366,55 +358,48 @@ protected IProfileSubsystem mProfileSubsystem = null;
// 'operation' is mandatory.
throw new ServletException("Bad request: operation missing from URL");
}
-
- /**
- * the router can make two kinds of requests
- * 1) simple request for CA cert
- * 2) encoded, signed, enveloped request for anything else (PKIOperation)
+
+ /**
+ * the router can make two kinds of requests
+ * 1) simple request for CA cert
+ * 2) encoded, signed, enveloped request for anything else (PKIOperation)
*/
-
+
if (operation.equals(OP_GETCACERT)) {
- handleGetCACert(httpReq, httpResp);
- }
- else if (operation.equals(OP_PKIOPERATION)) {
- String decodeMode = (String)input.get("decode");
+ handleGetCACert(httpReq, httpResp);
+ } else if (operation.equals(OP_PKIOPERATION)) {
+ String decodeMode = (String) input.get("decode");
if (decodeMode == null || decodeMode.equals("false")) {
- handlePKIOperation(httpReq, httpResp, message);
+ handlePKIOperation(httpReq, httpResp, message);
} else {
- decodePKIMessage(httpReq, httpResp, message);
+ decodePKIMessage(httpReq, httpResp, message);
}
- }
- else {
+ } else {
CMS.debug("Invalid operation " + operation);
- throw new ServletException("unknown operation requested: "+operation);
+ throw new ServletException("unknown operation requested: " + operation);
}
-
- }
- catch (ServletException e)
- {
+
+ } catch (ServletException e) {
CMS.debug("ServletException " + e);
throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug("Service exception " + e);
+ log(ILogger.LL_FAILURE, e.getMessage());
}
- catch (Exception e)
- {
- CMS.debug("Service exception " + e);
- log(ILogger.LL_FAILURE,e.getMessage());
- }
-
+
}
/**
- * Log a message to the system log
+ * Log a message to the system log
*/
-
private void log(int level, String msg) {
-
+
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- level, "CEP Enrollment: "+msg);
+ level, "CEP Enrollment: " + msg);
}
- private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) {
+ private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) {
boolean allowed = false;
if (algorithm != null && algorithm.length() > 0) {
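Review bot: The catch-all at the end of service() (`catch (Exception e)`) only logs and returns, so an unexpected failure in any handler ends the request without an exception reaching the container, and the caller presumably cannot tell it from a normal completion. Rethrowing with the cause, `throw new ServletException("CEP request failed", e);`, keeps the failure visible and preserves the stack trace for whoever investigates it. The `ServletException` branch just above rebuilds the exception from `e.getMessage().toString()`, which discards the original cause and would itself throw if the message were ever null; `throw e;` is sufficient there. service() begins before this hunk, so this is based only on the part of the body shown here.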
@@ -429,7 +414,7 @@ protected IProfileSubsystem mProfileSubsystem = null;
}
public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
// build credential
Enumeration<String> authNames = authenticator.getValueNames();
@@ -445,314 +430,308 @@ protected IProfileSubsystem mProfileSubsystem = null;
credentials.set("clientHost", request.getRemoteHost());
IAuthToken authToken = authenticator.authenticate(credentials);
if (authToken == null) {
- return null;
+ return null;
}
SessionContext sc = SessionContext.getContext();
if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
- /**
- * Return the CA certificate back to the requestor.
- * This needs to be changed so that if the CA has a certificate chain,
- * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
- * signerInfo)
- */
-
- public void handleGetCACert(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException {
- java.security.cert.X509Certificate[] chain = null;
-
- CertificateChain certChain = mAuthority.getCACertChain();
-
- try {
- if (certChain == null) {
- throw new ServletException("Internal Error: cannot get CA Cert");
- }
-
- chain = certChain.getChain();
-
- byte[] bytes = null;
-
- int i = 0;
- String message = (String)httpReq.getParameter(URL_MESSAGE);
- CMS.debug("handleGetCACert message=" + message);
- if (message != null) {
- try {
- int j = Integer.parseInt(message);
- if (j < chain.length) {
- i = j;
- }
- } catch (NumberFormatException e1) {
+ /**
+ * Return the CA certificate back to the requestor.
+ * This needs to be changed so that if the CA has a certificate chain,
+ * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
+ * signerInfo)
+ */
+
+ public void handleGetCACert(HttpServletRequest httpReq,
+ HttpServletResponse httpResp)
+ throws ServletException {
+ java.security.cert.X509Certificate[] chain = null;
+
+ CertificateChain certChain = mAuthority.getCACertChain();
+
+ try {
+ if (certChain == null) {
+ throw new ServletException("Internal Error: cannot get CA Cert");
+ }
+
+ chain = certChain.getChain();
+
+ byte[] bytes = null;
+
+ int i = 0;
+ String message = (String) httpReq.getParameter(URL_MESSAGE);
+ CMS.debug("handleGetCACert message=" + message);
+ if (message != null) {
+ try {
+ int j = Integer.parseInt(message);
+ if (j < chain.length) {
+ i = j;
+ }
+ } catch (NumberFormatException e1) {
+ }
+ }
+ CMS.debug("handleGetCACert selected chain=" + i);
+
+ if (mUseCA) {
+ bytes = chain[i].getEncoded();
+ } else {
+ CryptoContext cx = new CryptoContext();
+ bytes = cx.getSigningCert().getEncoded();
+ }
+
+ httpResp.setContentType("application/x-x509-ca-cert");
+
+ // The following code may be used one day to encode
+ // the RA/CA cert chain for RA mode, but it will need some
+ // work.
+
+ /******
+ * SET certs = new SET();
+ * for (int i=0; i<chain.length; i++) {
+ * ANY cert = new ANY(chain[i].getEncoded());
+ * certs.addElement(cert);
+ * }
+ *
+ * SignedData crsd = new SignedData(
+ * new SET(), // empty set of digestAlgorithmID's
+ * new ContentInfo(
+ * new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
+ * null), //empty content
+ * certs,
+ * null, // no CRL's
+ * new SET() // empty SignerInfos
+ * );
+ *
+ * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
+ *
+ * ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ * wrap.encode(baos);
+ *
+ * bytes = baos.toByteArray();
+ *
+ * httpResp.setContentType("application/x-x509-ca-ra-cert");
+ *****/
+
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output certificate chain:");
+ CMS.debug(bytes);
+ } catch (Exception e) {
+ CMS.debug("handleGetCACert exception " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage()));
+ throw new ServletException("Failed sending DER encoded version of CA cert to client");
+ }
+
+ }
+
+ public String getPasswordFromP10(PKCS10 p10) {
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ try {
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ return (String) attr.get(ChallengePassword.PASSWORD);
+ }
+ }
}
- }
- CMS.debug("handleGetCACert selected chain=" + i);
-
- if (mUseCA) {
- bytes = chain[i].getEncoded();
- } else {
- CryptoContext cx = new CryptoContext();
- bytes = cx.getSigningCert().getEncoded();
- }
-
- httpResp.setContentType("application/x-x509-ca-cert");
-
-
-// The following code may be used one day to encode
-// the RA/CA cert chain for RA mode, but it will need some
-// work.
-
- /******
- SET certs = new SET();
- for (int i=0; i<chain.length; i++) {
- ANY cert = new ANY(chain[i].getEncoded());
- certs.addElement(cert);
- }
-
- SignedData crsd = new SignedData(
- new SET(), // empty set of digestAlgorithmID's
- new ContentInfo(
- new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
- null), //empty content
- certs,
- null, // no CRL's
- new SET() // empty SignerInfos
- );
-
- ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- wrap.encode(baos);
-
- bytes = baos.toByteArray();
-
- httpResp.setContentType("application/x-x509-ca-ra-cert");
- *****/
-
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().write(bytes);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output certificate chain:");
- CMS.debug(bytes);
- }
- catch (Exception e) {
- CMS.debug("handleGetCACert exception " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage()));
- throw new ServletException("Failed sending DER encoded version of CA cert to client");
- }
-
- }
-
- public String getPasswordFromP10(PKCS10 p10)
- {
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- try {
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- return (String)attr.get(ChallengePassword.PASSWORD);
- }
- }
- }
- } catch(Exception e1) {
- // do nothing
- }
- return null;
- }
-
- /**
- * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
- * PKIMessage structure. We decode it to see what type message it is.
- */
-
- /**
- * Decodes the PKI message and return information to RA.
- */
- public void decodePKIMessage(HttpServletRequest httpReq,
+ } catch (Exception e1) {
+ // do nothing
+ }
+ return null;
+ }
+
+ /**
+ * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
+ * PKIMessage structure. We decode it to see what type message it is.
+ */
+
+ /**
+ * Decodes the PKI message and return information to RA.
+ */
+ public void decodePKIMessage(HttpServletRequest httpReq,
HttpServletResponse httpResp,
String msg)
- throws ServletException {
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- String responseData = "";
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ String responseData = "";
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException("CRS request is too small to be a real request (" +
+ decodedPKIMessage.length + " bytes)");
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ throw new ServletException("Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- }
- catch (Exception e) {
- CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
- unwrapPKCS10(req,cx);
-
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("Profile '" + mProfileId + "' not found.");
- throw new ServletException("Profile '" + mProfileId + "' not found.");
- } else {
- CMS.debug("Found profile '" + mProfileId + "'.");
- }
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
- if (authenticator == null) {
- CMS.debug("Authenticator not found.");
- throw new ServletException("Authenticator not found.");
- } else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
- }
- } catch (EProfileException e) {
- throw new ServletException("Authenticator not found.");
- }
- AuthCredentials credentials = new AuthCredentials();
- IAuthToken authToken = null;
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
- // insert profile context so that input parameter can be retrieved
- context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
- try {
- authToken = authenticate(credentials, authenticator, httpReq);
- } catch (Exception e) {
- CMS.debug("Authentication failure: "+ e.getMessage());
- throw new ServletException("Authentication failure: "+ e.getMessage());
- }
- if (authToken == null) {
- CMS.debug("Authentication failure.");
- throw new ServletException("Authentication failure.");
- }
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- responseData = responseData +
- "<TransactionID>" + transactionID + "</TransactionID>";
-
- // End-User or RA's IP address
- responseData = responseData +
- "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
- responseData = responseData +
- "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
-
- // Deal with message type
- String mt = req.getMessageType();
- responseData = responseData +
- "<MessageType>" + mt + "</MessageType>";
-
- PKCS10 p10 = (PKCS10)req.getP10();
- X500Name p10subject = p10.getSubjectName();
- responseData = responseData +
- "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
- String pkcs10Attr = "";
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- pkcs10Attr = pkcs10Attr +
- "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
- }
-
- }
- String extensionsStr = "";
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
- Boolean.valueOf(false), // noncritical
- ext.getExtensionValue());
-
-
- @SuppressWarnings("unchecked")
- Vector<GeneralNameInterface> v =
- (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration<GeneralNameInterface> gne = v.elements();
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+ unwrapPKCS10(req, cx);
+
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("Profile '" + mProfileId + "' not found.");
+ throw new ServletException("Profile '" + mProfileId + "' not found.");
+ } else {
+ CMS.debug("Found profile '" + mProfileId + "'.");
+ }
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("Authenticator not found.");
+ throw new ServletException("Authenticator not found.");
+ } else {
+ CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ throw new ServletException("Authenticator not found.");
+ }
+ AuthCredentials credentials = new AuthCredentials();
+ IAuthToken authToken = null;
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+ try {
+ authToken = authenticate(credentials, authenticator, httpReq);
+ } catch (Exception e) {
+ CMS.debug("Authentication failure: " + e.getMessage());
+ throw new ServletException("Authentication failure: " + e.getMessage());
+ }
+ if (authToken == null) {
+ CMS.debug("Authentication failure.");
+ throw new ServletException("Authentication failure.");
+ }
+
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ responseData = responseData +
+ "<TransactionID>" + transactionID + "</TransactionID>";
+
+ // End-User or RA's IP address
+ responseData = responseData +
+ "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
+
+ responseData = responseData +
+ "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ responseData = responseData +
+ "<MessageType>" + mt + "</MessageType>";
+
+ PKCS10 p10 = (PKCS10) req.getP10();
+ X500Name p10subject = p10.getSubjectName();
+ responseData = responseData +
+ "<SubjectName>" + p10subject.toString() + "</SubjectName>";
+
+ String pkcs10Attr = "";
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ pkcs10Attr = pkcs10Attr +
+ "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
+ }
+
+ }
+ String extensionsStr = "";
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = exts.nextElement();
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
+ Boolean.valueOf(false), // noncritical
+ ext.getExtensionValue());
+
+ @SuppressWarnings("unchecked")
+ Vector<GeneralNameInterface> v =
+ (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration<GeneralNameInterface> gne = v.elements();
StringBuffer subjAltNameStr = new StringBuffer();
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = gne.nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon).trim();
+ String gnValue = gn.substring(colon + 1).trim();
subjAltNameStr.append("<");
subjAltNameStr.append(gnType);
@@ -761,1453 +740,1393 @@ protected IProfileSubsystem mProfileSubsystem = null;
subjAltNameStr.append("</");
subjAltNameStr.append(gnType);
subjAltNameStr.append(">");
- }
- } // while
+ }
+ } // while
extensionsStr = "<SubjAltName>" +
- subjAltNameStr.toString() + "</SubjAltName>";
- } // if
- } // while
- pkcs10Attr = pkcs10Attr +
+ subjAltNameStr.toString() + "</SubjAltName>";
+ } // if
+ } // while
+ pkcs10Attr = pkcs10Attr +
"<Extensions>" + extensionsStr + "</Extensions>";
- } // if extensions
- } // while
- responseData = responseData +
- "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
- } catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- } catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- } catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
-
- responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
- // Get the response coding
- response = responseData.getBytes();
-
- // Encode the httpResp into B64
- httpResp.setContentType("application/xml");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- int i1 = responseData.indexOf("<Password>");
- if (i1 > -1) {
- i1 += 10; // 10 is a length of "<Password>"
- int i2 = responseData.indexOf("</Password>", i1);
- if (i2 > -1) {
- responseData = responseData.substring(0, i1) + "********" +
+ } // if extensions
+ } // while
+ responseData = responseData +
+ "<PKCS10>" + pkcs10Attr + "</PKCS10>";
+
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response message
+
+ try {
+
+ responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
+ // Get the response coding
+ response = responseData.getBytes();
+
+ // Encode the httpResp into B64
+ httpResp.setContentType("application/xml");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ int i1 = responseData.indexOf("<Password>");
+ if (i1 > -1) {
+ i1 += 10; // 10 is a length of "<Password>"
+ int i2 = responseData.indexOf("</Password>", i1);
+ if (i2 > -1) {
+ responseData = responseData.substring(0, i1) + "********" +
responseData.substring(i2, responseData.length());
- }
- }
-
- CMS.debug("Output (decoding) PKIOperation response:");
- CMS.debug(responseData);
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
-
- public void handlePKIOperation(HttpServletRequest httpReq,
+ }
+ }
+
+ CMS.debug("Output (decoding) PKIOperation response:");
+ CMS.debug(responseData);
+ } catch (Exception e) {
+ throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+ }
+
+ }
+
+ /**
+ * finds a request with this transaction ID.
+ * If could not find any request - return null
+ * If could only find 'rejected' or 'cancelled' requests, return null
+ * If found 'pending' or 'completed' request - return that request
+ */
+
+ public void handlePKIOperation(HttpServletRequest httpReq,
HttpServletResponse httpResp,
String msg)
- throws ServletException {
-
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
- CRSPKIMessage crsResp=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- X509CertImpl cert = null;
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+ CRSPKIMessage crsResp = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ X509CertImpl cert = null;
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException("CRS request is too small to be a real request (" +
+ decodedPKIMessage.length + " bytes)");
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ throw new ServletException("Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ crsResp = new CRSPKIMessage();
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
+ }
+ crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ if (transactionID == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing transactionID");
+ } else {
+ crsResp.setTransactionID(transactionID);
+ }
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+ if (sn == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
+ } else {
+ if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
+ byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null;
+ System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
+ crsResp.setRecipientNonce(snLimited);
+ } else {
+ crsResp.setRecipientNonce(sn);
+ }
+ byte[] serverNonce = new byte[16];
+ mRandom.nextBytes(serverNonce);
+ crsResp.setSenderNonce(serverNonce);
+ // crsResp.setSenderNonce(new byte[] {0});
+ }
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ if (mt == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing messageType");
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- crsResp = new CRSPKIMessage();
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (Exception e) {
+
+ // now run appropriate code, depending on message type
+ if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
+ CMS.debug("Processing PKCSReq");
+ try {
+ // Check if there is an existing request. If this returns non-null,
+ // then the request is 'active' (either pending or completed) in
+ // which case, we compare the hash of the new request to the hash of the
+ // one in the queue - if they are the same, I return the state of the
+ // original request - as if it was 'getCertInitial' message.
+ // If the hashes are different, then the user attempted to enroll
+ // for a new request with the same txid, which is not allowed -
+ // so we return 'failure'.
+
+ IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true);
+
+ // If there was no request (with a cert) with this transaction ID,
+ // process it as a new request
+
+ cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
+
+ } catch (CRSFailureException e) {
+ throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage());
+ }
+ } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
+ CMS.debug("Processing GetCertInitial");
+ cert = handleGetCertInitial(req, crsResp);
+ } else {
+ CMS.debug("Invalid request type " + mt);
+ }
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
- crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- if (transactionID == null) {
- throw new ServletException("Error: malformed PKIMessage - missing transactionID");
- }
- else {
- crsResp.setTransactionID(transactionID);
- }
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
- if (sn == null) {
- throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
- }
- else {
- if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
- byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null;
- System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
- crsResp.setRecipientNonce(snLimited);
- } else {
- crsResp.setRecipientNonce(sn);
- }
- byte[] serverNonce = new byte[16];
- mRandom.nextBytes(serverNonce);
- crsResp.setSenderNonce(serverNonce);
- // crsResp.setSenderNonce(new byte[] {0});
- }
-
- // Deal with message type
- String mt = req.getMessageType();
- if (mt == null) {
- throw new ServletException("Error: malformed PKIMessage - missing messageType");
- }
-
- // now run appropriate code, depending on message type
- if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
- CMS.debug("Processing PKCSReq");
- try {
- // Check if there is an existing request. If this returns non-null,
- // then the request is 'active' (either pending or completed) in
- // which case, we compare the hash of the new request to the hash of the
- // one in the queue - if they are the same, I return the state of the
- // original request - as if it was 'getCertInitial' message.
- // If the hashes are different, then the user attempted to enroll
- // for a new request with the same txid, which is not allowed -
- // so we return 'failure'.
-
- IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true);
-
- // If there was no request (with a cert) with this transaction ID,
- // process it as a new request
-
- cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx);
-
- }
- catch (CRSFailureException e) {
- throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage());
- }
- }
- else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
- CMS.debug("Processing GetCertInitial");
- cert = handleGetCertInitial(req,crsResp);
- } else {
- CMS.debug("Invalid request type " + mt);
- }
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- }
- catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
- // make the response
- processCertRep(cx, cert,crsResp, req);
-
- // Get the response coding
- response = crsResp.getResponse();
-
- // Encode the crsResp into B64
- httpResp.setContentType("application/x-pki-message");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output PKIOperation response:");
- CMS.debug(CMS.BtoA(response));
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
- public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
- throws EBaseException {
-
- /* Check if certificate request has been completed */
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest foundRequest = null;
-
- Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
- if (rids == null) { return null; }
-
- int count=0;
- while (rids.hasMoreElements()) {
- RequestId rid = rids.nextElement();
- if (rid == null) {
- continue;
- }
-
- IRequest request = rq.findRequest(rid);
- if (request == null) {
- continue;
- }
- if ( !ignoreRejected ||
- request.getRequestStatus().equals(RequestStatus.PENDING) ||
- request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
- if (foundRequest != null) {
- }
- foundRequest = request;
- }
- }
- return foundRequest;
- }
-
- /**
- * Called if the router is requesting us to send it its certificate
- * Examine request queue for a request matching the transaction ID.
- * Ignore any rejected or cancelled requests.
- *
- * If a request is found in the pending state, the response should be
- * 'pending'
- *
- * If a request is found in the completed state, the response should be
- * to return the certificate
- *
- * If no request is found, the response should be to return null
- *
- */
-
- public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp)
- {
- IRequest foundRequest=null;
-
- // already done by handlePKIOperation
- // resp.setRecipientNonce(req.getSenderNonce());
- // resp.setSenderNonce(null);
-
- try {
- foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
- } catch (EBaseException e) {
- }
-
- if (foundRequest == null) {
- resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
- resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
-
- return makeResponseFromRequest(req,resp,foundRequest);
- }
-
-
- public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
- throws CRSInvalidSignatureException {
-
- // Get Signed Data
-
- byte[] reqAAbytes = req.getAA();
- byte[] reqAAsig = req.getAADigest();
-
- }
-
-
- /**
- * Create an entry for this user in the publishing directory
- *
- */
-
- private boolean createEntry(String dn)
- {
- boolean result = false;
-
- IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
- if (ldapPub == null || !ldapPub.enabled()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
-
- return result;
- }
-
- ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
- if (connFactory == null) {
- return result;
- }
-
- LDAPConnection connection=null;
- try {
- connection = connFactory.getConn();
- String[] objectclasses = { "top", mEntryObjectclass };
- LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
- LDAPAttributeSet attrSet = new LDAPAttributeSet();
- attrSet.add(ocAttrs);
-
- LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
- connection.add(newEntry);
- result=true;
- }
- catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn));
- }
- finally {
- try {
- connFactory.returnConn(connection);
- }
- catch (Exception f) {}
- }
- return result;
+ throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response message
+
+ try {
+ // make the response
+ processCertRep(cx, cert, crsResp, req);
+
+ // Get the response coding
+ response = crsResp.getResponse();
+
+ // Encode the crsResp into B64
+ httpResp.setContentType("application/x-pki-message");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output PKIOperation response:");
+ CMS.debug(CMS.BtoA(response));
+ } catch (Exception e) {
+ throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+ }
+
+ }
+
+ /**
+ * finds a request with this transaction ID.
+ * If could not find any request - return null
+ * If could only find 'rejected' or 'cancelled' requests, return null
+ * If found 'pending' or 'completed' request - return that request
+ */
+
+ public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
+ throws EBaseException {
+
+ /* Check if certificate request has been completed */
+
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest foundRequest = null;
+
+ Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
+ if (rids == null) {
+ return null;
+ }
+
+ int count = 0;
+ while (rids.hasMoreElements()) {
+ RequestId rid = rids.nextElement();
+ if (rid == null) {
+ continue;
+ }
+
+ IRequest request = rq.findRequest(rid);
+ if (request == null) {
+ continue;
+ }
+ if (!ignoreRejected ||
+ request.getRequestStatus().equals(RequestStatus.PENDING) ||
+ request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
+ if (foundRequest != null) {
+ }
+ foundRequest = request;
+ }
+ }
+ return foundRequest;
}
+ /**
+ * Called if the router is requesting us to send it its certificate
+ * Examine request queue for a request matching the transaction ID.
+ * Ignore any rejected or cancelled requests.
+ *
+ * If a request is found in the pending state, the response should be
+ * 'pending'
+ *
+ * If a request is found in the completed state, the response should be
+ * to return the certificate
+ *
+ * If no request is found, the response should be to return null
+ *
+ */
+
+ public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) {
+ IRequest foundRequest = null;
+
+ // already done by handlePKIOperation
+ // resp.setRecipientNonce(req.getSenderNonce());
+ // resp.setSenderNonce(null);
+
+ try {
+ foundRequest = findRequestByTransactionID(req.getTransactionID(), false);
+ } catch (EBaseException e) {
+ }
+
+ if (foundRequest == null) {
+ resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
+ resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+
+ return makeResponseFromRequest(req, resp, foundRequest);
+ }
+
+ public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
+ throws CRSInvalidSignatureException {
+
+ // Get Signed Data
+
+ byte[] reqAAbytes = req.getAA();
+ byte[] reqAAsig = req.getAADigest();
+
+ }
+
+ /**
+ * Create an entry for this user in the publishing directory
+ *
+ */
+
+ private boolean createEntry(String dn) {
+ boolean result = false;
+ IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
+ if (ldapPub == null || !ldapPub.enabled()) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
+
+ return result;
+ }
- /**
- * Here we decrypt the PKCS10 message from the client
- *
- */
-
- public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
- throws ServletException,
+ ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory();
+ if (connFactory == null) {
+ return result;
+ }
+
+ LDAPConnection connection = null;
+ try {
+ connection = connFactory.getConn();
+ String[] objectclasses = { "top", mEntryObjectclass };
+ LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses);
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ attrSet.add(ocAttrs);
+
+ LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
+ connection.add(newEntry);
+ result = true;
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
+ } finally {
+ try {
+ connFactory.returnConn(connection);
+ } catch (Exception f) {
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Here we decrypt the PKCS10 message from the client
+ *
+ */
+
+ public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
+ throws ServletException,
CryptoManager.NotInitializedException,
- CryptoContext.CryptoContextException,
+ CryptoContext.CryptoContextException,
CRSFailureException {
-
- byte[] decryptedP10bytes = null;
- SymmetricKey sk;
- SymmetricKey skinternal;
- SymmetricKey.Type skt;
- KeyWrapper kw;
- Cipher cip;
- EncryptionAlgorithm ea;
- boolean errorInRequest = false;
-
- // Unwrap the session key with the Cert server key
- try {
- kw = cx.getKeyWrapper();
-
- kw.initUnwrap(cx.getPrivateKey(),null);
-
- skt = SymmetricKey.Type.DES;
- ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- skt = SymmetricKey.Type.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- sk = kw.unwrapSymmetric(req.getWrappedKey(),
+
+ byte[] decryptedP10bytes = null;
+ SymmetricKey sk;
+ SymmetricKey skinternal;
+ SymmetricKey.Type skt;
+ KeyWrapper kw;
+ Cipher cip;
+ EncryptionAlgorithm ea;
+ boolean errorInRequest = false;
+
+ // Unwrap the session key with the Cert server key
+ try {
+ kw = cx.getKeyWrapper();
+
+ kw.initUnwrap(cx.getPrivateKey(), null);
+
+ skt = SymmetricKey.Type.DES;
+ ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ skt = SymmetricKey.Type.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
+
+ sk = kw.unwrapSymmetric(req.getWrappedKey(),
skt,
SymmetricKey.Usage.DECRYPT,
- 0); // keylength is ignored
-
- skinternal = cx.getDESKeyGenerator().clone(sk);
-
- cip = skinternal.getOwningToken().getCipherContext(ea);
-
- cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV())));
-
- decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
- CMS.debug("decryptedP10bytes:");
- CMS.debug(decryptedP10bytes);
-
- req.setP10(new PKCS10(decryptedP10bytes));
- } catch (Exception e) {
- CMS.debug("failed to unwrap PKCS10 " + e);
- throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage());
- }
-
- }
-
-
-
-private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
- throws CRSFailureException {
-
- IRequest issueReq = null;
- X509CertImpl issuedCert=null;
- SubjectAlternativeNameExtension sane = null;
- CertAttrSet requested_ext = null;
-
- try {
- PKCS10 p10 = req.getP10();
-
- if (p10 == null) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
- }
-
- AuthCredentials authCreds = new AuthCredentials();
-
- String challengePassword = null;
- // Here, we make a new CertInfo - it's a new start for a certificate
-
- X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
- // get some stuff out of the request
- X509Key key = p10.getSubjectPublicKeyInfo();
- X500Name p10subject = p10.getSubjectName();
-
- X500Name subject=null;
-
- // The following code will copy all the attributes
- // into the AuthCredentials so they can be used for
- // authentication
- //
- // Optionally, you can re-map the subject name from:
- // one RDN, with many AVA's to
- // many RDN's with one AVA in each.
-
- Enumeration<RDN> rdne = p10subject.getRDNs();
- Vector<RDN> rdnv = new Vector<RDN>();
-
- Hashtable<String, String> sanehash = new Hashtable<String, String>();
-
- X500NameAttrMap xnap = X500NameAttrMap.getDefault();
- while (rdne.hasMoreElements()) {
- RDN rdn = (RDN) rdne.nextElement();
- int i=0;
- AVA[] oldavas = rdn.getAssertion();
- for (i=0; i<rdn.getAssertionLength(); i++) {
- AVA[] newavas = new AVA[1];
- newavas[0] = oldavas[i];
-
- authCreds.set(xnap.getName(oldavas[i].getOid()),
- oldavas[i].getValue().getAsString());
-
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-
- sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString());
- }
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
- sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString());
- }
-
- RDN newrdn = new RDN(newavas);
- if (mFlattenDN) {
- rdnv.addElement(newrdn);
- }
- }
- }
-
- if (mFlattenDN) subject = new X500Name(rdnv);
- else subject = p10subject;
-
-
- // create default key usage extension
- KeyUsageExtension kue = new KeyUsageExtension();
- kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
- kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- req.put(AUTH_PASSWORD,
- (String)attr.get(ChallengePassword.PASSWORD));
- req.put(ChallengePassword.NAME,
- hashPassword(
- (String)attr.get(ChallengePassword.PASSWORD)));
- }
- }
-
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(KeyUsageExtension.IDENT)) ) {
-
- kue = new KeyUsageExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
- }
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- sane = new SubjectAlternativeNameExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
-
-
- @SuppressWarnings("unchecked")
- Vector<GeneralNameInterface> v =
- (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration<GeneralNameInterface> gne = v.elements();
-
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
-
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
-
- authCreds.set(gnType,gnValue);
- }
- }
- }
- }
- }
- }
-
- if (authCreds != null) req.put(AUTH_CREDS,authCreds);
-
- try {
- if (sane == null) sane = makeDefaultSubjectAltName(sanehash);
- } catch (Exception sane_e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- sane_e.getMessage()));
- }
-
-
-
- try {
- if (mAppendDN != null && ! mAppendDN.equals("")) {
-
- X500Name newSubject = new X500Name(subject.toString());
- subject = new X500Name( subject.toString().concat(","+mAppendDN));
- }
-
- } catch (Exception sne) {
- log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname");
- }
-
- if (subject != null) req.put(SUBJECTNAME, subject);
-
- if (key == null || subject == null) {
- // log
- //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
- }
-
-
-
- certInfo.set(X509CertInfo.VERSION,
+ 0); // keylength is ignored
+
+ skinternal = cx.getDESKeyGenerator().clone(sk);
+
+ cip = skinternal.getOwningToken().getCipherContext(ea);
+
+ cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
+
+ decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
+ CMS.debug("decryptedP10bytes:");
+ CMS.debug(decryptedP10bytes);
+
+ req.setP10(new PKCS10(decryptedP10bytes));
+ } catch (Exception e) {
+ CMS.debug("failed to unwrap PKCS10 " + e);
+ throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage());
+ }
+
+ }
+
+ private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
+ throws CRSFailureException {
+
+ IRequest issueReq = null;
+ X509CertImpl issuedCert = null;
+ SubjectAlternativeNameExtension sane = null;
+ CertAttrSet requested_ext = null;
+
+ try {
+ PKCS10 p10 = req.getP10();
+
+ if (p10 == null) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
+ }
+
+ AuthCredentials authCreds = new AuthCredentials();
+
+ String challengePassword = null;
+ // Here, we make a new CertInfo - it's a new start for a certificate
+
+ X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
+
+ // get some stuff out of the request
+ X509Key key = p10.getSubjectPublicKeyInfo();
+ X500Name p10subject = p10.getSubjectName();
+
+ X500Name subject = null;
+
+ // The following code will copy all the attributes
+ // into the AuthCredentials so they can be used for
+ // authentication
+ //
+ // Optionally, you can re-map the subject name from:
+ // one RDN, with many AVA's to
+ // many RDN's with one AVA in each.
+
+ Enumeration<RDN> rdne = p10subject.getRDNs();
+ Vector<RDN> rdnv = new Vector<RDN>();
+
+ Hashtable<String, String> sanehash = new Hashtable<String, String>();
+
+ X500NameAttrMap xnap = X500NameAttrMap.getDefault();
+ while (rdne.hasMoreElements()) {
+ RDN rdn = (RDN) rdne.nextElement();
+ int i = 0;
+ AVA[] oldavas = rdn.getAssertion();
+ for (i = 0; i < rdn.getAssertionLength(); i++) {
+ AVA[] newavas = new AVA[1];
+ newavas[0] = oldavas[i];
+
+ authCreds.set(xnap.getName(oldavas[i].getOid()),
+ oldavas[i].getValue().getAsString());
+
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
+
+ sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString());
+ }
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
+ sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString());
+ }
+
+ RDN newrdn = new RDN(newavas);
+ if (mFlattenDN) {
+ rdnv.addElement(newrdn);
+ }
+ }
+ }
+
+ if (mFlattenDN)
+ subject = new X500Name(rdnv);
+ else
+ subject = p10subject;
+
+ // create default key usage extension
+ KeyUsageExtension kue = new KeyUsageExtension();
+ kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
+ kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
+
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ req.put(AUTH_PASSWORD,
+ (String) attr.get(ChallengePassword.PASSWORD));
+ req.put(ChallengePassword.NAME,
+ hashPassword(
+ (String) attr.get(ChallengePassword.PASSWORD)));
+ }
+ }
+
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = exts.nextElement();
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(KeyUsageExtension.IDENT))) {
+
+ kue = new KeyUsageExtension(
+ new Boolean(false), // noncritical
+ ext.getExtensionValue());
+ }
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ sane = new SubjectAlternativeNameExtension(
+ new Boolean(false), // noncritical
+ ext.getExtensionValue());
+
+ @SuppressWarnings("unchecked")
+ Vector<GeneralNameInterface> v =
+ (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration<GeneralNameInterface> gne = v.elements();
+
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
+
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon).trim();
+ String gnValue = gn.substring(colon + 1).trim();
+
+ authCreds.set(gnType, gnValue);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (authCreds != null)
+ req.put(AUTH_CREDS, authCreds);
+
+ try {
+ if (sane == null)
+ sane = makeDefaultSubjectAltName(sanehash);
+ } catch (Exception sane_e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ sane_e.getMessage()));
+ }
+
+ try {
+ if (mAppendDN != null && !mAppendDN.equals("")) {
+
+ X500Name newSubject = new X500Name(subject.toString());
+ subject = new X500Name(subject.toString().concat("," + mAppendDN));
+ }
+
+ } catch (Exception sne) {
+ log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname");
+ }
+
+ if (subject != null)
+ req.put(SUBJECTNAME, subject);
+
+ if (key == null || subject == null) {
+ // log
+ //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
+ }
+
+ certInfo.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
-
- certInfo.set(X509CertInfo.SUBJECT,
+
+ certInfo.set(X509CertInfo.SUBJECT,
new CertificateSubjectName(subject));
-
- certInfo.set(X509CertInfo.KEY,
+
+ certInfo.set(X509CertInfo.KEY,
new CertificateX509Key(key));
-
- CertificateExtensions ext = new CertificateExtensions();
-
- if (kue != null) {
- ext.set(KeyUsageExtension.class.getSimpleName(), kue);
- }
-
- // add subjectAltName extension, if present
- if (sane != null) {
- ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
- }
-
- certInfo.set(X509CertInfo.EXTENSIONS,ext);
-
- req.put(CERTINFO, certInfo);
- } catch (Exception e) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return ;
- } // NEED TO FIX
- }
-
-
- private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
-
- // if no subjectaltname extension was requested, we try to make it up
- // from some of the elements of the subject name
-
- int itemCount = ht.size();
- GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
- itemCount = 0;
- Enumeration<String> en = ht.keys();
- while (en.hasMoreElements()) {
- String key = (String) en.nextElement();
- if (key.equals(SANE_DNSNAME)) {
- gn[itemCount++] = new DNSName((String)ht.get(key));
- }
- if (key.equals(SANE_IPADDRESS)) {
- gn[itemCount++] = new IPAddressName((String)ht.get(key));
+
+ CertificateExtensions ext = new CertificateExtensions();
+
+ if (kue != null) {
+ ext.set(KeyUsageExtension.class.getSimpleName(), kue);
+ }
+
+ // add subjectAltName extension, if present
+ if (sane != null) {
+ ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
+ }
+
+ certInfo.set(X509CertInfo.EXTENSIONS, ext);
+
+ req.put(CERTINFO, certInfo);
+ } catch (Exception e) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return;
+ } // NEED TO FIX
+ }
+
+ private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
+
+ // if no subjectaltname extension was requested, we try to make it up
+ // from some of the elements of the subject name
+
+ int itemCount = ht.size();
+ GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
+
+ itemCount = 0;
+ Enumeration<String> en = ht.keys();
+ while (en.hasMoreElements()) {
+ String key = (String) en.nextElement();
+ if (key.equals(SANE_DNSNAME)) {
+ gn[itemCount++] = new DNSName((String) ht.get(key));
+ }
+ if (key.equals(SANE_IPADDRESS)) {
+ gn[itemCount++] = new IPAddressName((String) ht.get(key));
+ }
+ }
+
+ try {
+ return new SubjectAlternativeNameExtension(new GeneralNames(gn));
+ } catch (Exception e) {
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ e.getMessage()));
+ return null;
}
}
- try {
- return new SubjectAlternativeNameExtension( new GeneralNames(gn) );
- } catch (Exception e) {
- log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- e.getMessage()));
- return null;
- }
- }
-
-
-
- // Perform authentication
-
- /*
- * if the authentication is set up for CEP, and the user provides
- * some credential, an attempt is made to authenticate the user
- * If this fails, this method will return true
- * If it is sucessful, this method will return true and
- * an authtoken will be in the request
- *
- * If authentication is not configured, this method will
- * return false. The request will be processed in the usual
- * way, but no authtoken will be in the request.
- *
- * In other word, this method returns true if the request
- * should be aborted, false otherwise.
- */
-
- private boolean authenticateUser(CRSPKIMessage req) {
- boolean authenticationFailed = true;
-
- if (mAuthManagerName == null) {
- return false;
- }
-
- String password = (String)req.get(AUTH_PASSWORD);
-
- AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS);
-
- if (authCreds == null) {
- authCreds = new AuthCredentials();
- }
-
- // authtoken starts as null
- AuthToken token = null;
-
- if (password != null && !password.equals("")) {
- try {
- authCreds.set(AUTH_PASSWORD,password);
- } catch (Exception e) {}
- }
-
+ // Perform authentication
- try {
- token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName);
- authCreds.delete(AUTH_PASSWORD);
- // if we got here, the authenticate call must not have thrown
- // an exception
- authenticationFailed = false;
- }
- catch (EInvalidCredentials ex) {
- // Invalid credentials - we must reject the request
- authenticationFailed = true;
- }
- catch (EMissingCredential mc) {
- // Misssing credential - we'll log, and process manually
- authenticationFailed = false;
- }
- catch (EBaseException ex) {
- // If there's some other error, we'll reject
- // So, we just continue on, - AUTH_TOKEN will not be set.
- }
-
- if (token != null) {
- req.put(AUTH_TOKEN,token);
- }
-
- return authenticationFailed;
- }
-
- private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints)
- {
-
- Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
- if (old_fprints == null) { return false; }
-
- byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
- byte[] new_md5 = (byte[]) fingerprints.get("MD5");
-
- if (old_md5.length != new_md5.length) return false;
-
- for (int i=0;i<old_md5.length; i++) {
- if (old_md5[i] != new_md5[i]) return false;
- }
- return true;
- }
-
- public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
- IRequest cmsRequest, CRSPKIMessage req,
- CRSPKIMessage crsResp, CryptoContext cx)
- throws ServletException,
+ /*
+ * if the authentication is set up for CEP, and the user provides
+ * some credential, an attempt is made to authenticate the user
+ * If this fails, this method will return true
+ * If it is sucessful, this method will return true and
+ * an authtoken will be in the request
+ *
+ * If authentication is not configured, this method will
+ * return false. The request will be processed in the usual
+ * way, but no authtoken will be in the request.
+ *
+ * In other word, this method returns true if the request
+ * should be aborted, false otherwise.
+ */
+
+ private boolean authenticateUser(CRSPKIMessage req) {
+ boolean authenticationFailed = true;
+
+ if (mAuthManagerName == null) {
+ return false;
+ }
+
+ String password = (String) req.get(AUTH_PASSWORD);
+
+ AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
+
+ if (authCreds == null) {
+ authCreds = new AuthCredentials();
+ }
+
+ // authtoken starts as null
+ AuthToken token = null;
+
+ if (password != null && !password.equals("")) {
+ try {
+ authCreds.set(AUTH_PASSWORD, password);
+ } catch (Exception e) {
+ }
+ }
+
+ try {
+ token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName);
+ authCreds.delete(AUTH_PASSWORD);
+ // if we got here, the authenticate call must not have thrown
+ // an exception
+ authenticationFailed = false;
+ } catch (EInvalidCredentials ex) {
+ // Invalid credentials - we must reject the request
+ authenticationFailed = true;
+ } catch (EMissingCredential mc) {
+ // Misssing credential - we'll log, and process manually
+ authenticationFailed = false;
+ } catch (EBaseException ex) {
+ // If there's some other error, we'll reject
+ // So, we just continue on, - AUTH_TOKEN will not be set.
+ }
+
+ if (token != null) {
+ req.put(AUTH_TOKEN, token);
+ }
+
+ return authenticationFailed;
+ }
+
+ private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) {
+
+ Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+ if (old_fprints == null) {
+ return false;
+ }
+
+ byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
+ byte[] new_md5 = (byte[]) fingerprints.get("MD5");
+
+ if (old_md5.length != new_md5.length)
+ return false;
+
+ for (int i = 0; i < old_md5.length; i++) {
+ if (old_md5[i] != new_md5[i])
+ return false;
+ }
+ return true;
+ }
+
+ public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
+ IRequest cmsRequest, CRSPKIMessage req,
+ CRSPKIMessage crsResp, CryptoContext cx)
+ throws ServletException,
CryptoManager.NotInitializedException,
CRSFailureException {
- try {
- unwrapPKCS10(req,cx);
- Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
-
- if (cmsRequest != null) {
- if (areFingerprintsEqual(cmsRequest, fingerprints)) {
- CMS.debug("created response from request");
- return makeResponseFromRequest(req,crsResp,cmsRequest);
- }
- else {
- CMS.debug("duplicated transaction id");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
- }
-
- getDetailFromRequest(req,crsResp);
- boolean authFailed = authenticateUser(req);
-
- if (authFailed) {
- CMS.debug("authentication failed");
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-
- // perform audit log
- String auditMessage = CMS.getLogMessage(
+ try {
+ unwrapPKCS10(req, cx);
+ Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
+
+ if (cmsRequest != null) {
+ if (areFingerprintsEqual(cmsRequest, fingerprints)) {
+ CMS.debug("created response from request");
+ return makeResponseFromRequest(req, crsResp, cmsRequest);
+ } else {
+ CMS.debug("duplicated transaction id");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+ }
+
+ getDetailFromRequest(req, crsResp);
+ boolean authFailed = authenticateUser(req);
+
+ if (authFailed) {
+ CMS.debug("authentication failed");
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+
+ // perform audit log
+ String auditMessage = CMS.getLogMessage(
"LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
httpReq.getRemoteAddr(),
ILogger.FAILURE,
req.getTransactionID(),
"CRSEnrollment",
ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- ILogger signedAuditLogger = CMS.getSignedAuditLogger();
- if (signedAuditLogger != null) {
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null, ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY, auditMessage);
- }
-
- return null;
- }
- else {
- IRequest ireq = postRequest(httpReq, req,crsResp);
-
-
- CMS.debug("created response");
- return makeResponseFromRequest(req,crsResp, ireq);
- }
- } catch (CryptoContext.CryptoContextException e) {
- CMS.debug("failed to decrypt the request " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- } catch (EBaseException e) {
- CMS.debug("operation failure - " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- }
- return null;
- }
-
-
-////// post the request
-
-/*
- needed:
-
- token (authtoken)
- certInfo
- fingerprints x
- req.transactionID
- crsResp
-*/
-
-private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
-throws EBaseException {
- X500Name subject = (X500Name)req.get(SUBJECTNAME);
-
- if (mCreateEntry) {
- if (subject == null) {
- CMS.debug( "CRSEnrollment::postRequest() - subject is null!" );
- return null;
- }
- createEntry(subject.toString());
- }
-
- // use profile framework to handle SCEP
- if (mProfileId != null) {
- PKCS10 pkcs10data = req.getP10();
- String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
- // XXX authentication handling
- CMS.debug("Found profile=" + mProfileId);
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("profile " + mProfileId + " not found");
- return null;
- }
- IProfileContext ctx = profile.createContext();
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
+ ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+ if (signedAuditLogger != null) {
+ signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null, ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY, auditMessage);
+ }
+
+ return null;
+ } else {
+ IRequest ireq = postRequest(httpReq, req, crsResp);
+
+ CMS.debug("created response");
+ return makeResponseFromRequest(req, crsResp, ireq);
+ }
+ } catch (CryptoContext.CryptoContextException e) {
+ CMS.debug("failed to decrypt the request " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
+ e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ } catch (EBaseException e) {
+ CMS.debug("operation failure - " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
+ e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ }
+ return null;
+ }
+
+ ////// post the request
+
+ /*
+ needed:
+
+ token (authtoken)
+ certInfo
+ fingerprints x
+ req.transactionID
+ crsResp
+ */
+
+ private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
+ throws EBaseException {
+ X500Name subject = (X500Name) req.get(SUBJECTNAME);
+
+ if (mCreateEntry) {
+ if (subject == null) {
+ CMS.debug("CRSEnrollment::postRequest() - subject is null!");
+ return null;
+ }
+ createEntry(subject.toString());
+ }
+
+ // use profile framework to handle SCEP
+ if (mProfileId != null) {
+ PKCS10 pkcs10data = req.getP10();
+ String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
+
+ // XXX authentication handling
+ CMS.debug("Found profile=" + mProfileId);
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("profile " + mProfileId + " not found");
+ return null;
+ }
+ IProfileContext ctx = profile.createContext();
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("No authenticator Found");
+ } else {
+ CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ // authenticator not installed correctly
+ }
+
+ IAuthToken authToken = null;
+
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(httpReq));
+
+ String p10Password = getPasswordFromP10(pkcs10data);
+ AuthCredentials credentials = new AuthCredentials();
+ credentials.set("UID", httpReq.getRemoteAddr());
+ credentials.set("PWD", p10Password);
+
if (authenticator == null) {
- CMS.debug("No authenticator Found");
+ // XXX - to help caRouterCert to work, we need to
+ // add authentication to caRouterCert
+ authToken = new AuthToken(null);
} else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ authToken = authenticate(credentials, authenticator, httpReq);
}
- } catch (EProfileException e) {
- // authenticator not installed correctly
- }
-
- IAuthToken authToken = null;
-
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
-
- // insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(httpReq));
-
- String p10Password = getPasswordFromP10(pkcs10data);
- AuthCredentials credentials = new AuthCredentials();
- credentials.set("UID", httpReq.getRemoteAddr());
- credentials.set("PWD", p10Password);
-
- if (authenticator == null) {
- // XXX - to help caRouterCert to work, we need to
- // add authentication to caRouterCert
- authToken = new AuthToken(null);
- } else {
- authToken = authenticate(credentials, authenticator, httpReq);
- }
-
- IRequest reqs[] = null;
- CMS.debug("CRSEnrollment: Creating profile requests");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- Locale locale = Locale.getDefault();
- reqs = profile.createRequests(ctx, locale);
- if (reqs == null) {
- CMS.debug("CRSEnrollment: No request has been created");
- return null;
- } else {
- CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
- }
- // set transaction id
- reqs[0].setSourceId(req.getTransactionID());
- reqs[0].setExtData("profile", "true");
- reqs[0].setExtData("profileId", mProfileId);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- reqs[0].setExtData("requestor_name", "");
- reqs[0].setExtData("requestor_email", "");
- reqs[0].setExtData("requestor_phone", "");
- reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
- reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
- reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
- CMS.debug("CRSEnrollment: Populating inputs");
- profile.populateInput(ctx, reqs[0]);
- CMS.debug("CRSEnrollment: Populating requests");
- profile.populate(reqs[0]);
-
- CMS.debug("CRSEnrollment: Submitting request");
- profile.submit(authToken, reqs[0]);
- CMS.debug("CRSEnrollment: Done submitting request");
- profile.getRequestQueue().markAsServiced(reqs[0]);
- CMS.debug("CRSEnrollment: Request marked as serviced");
-
- return reqs[0];
-
- }
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
- AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
- if (token != null) {
- pkiReq.setExtData(IRequest.AUTH_TOKEN,token);
- }
-
- pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
- X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
- pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } );
- pkiReq.setExtData("cepsubstore", mSubstoreName);
-
- try {
- String chpwd = (String)req.get(ChallengePassword.NAME);
- if (chpwd != null) {
- pkiReq.setExtData("challengePhrase",
- chpwd );
- }
- } catch (Exception pwex) {
- }
-
- Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS);
- if (fingerprints.size() > 0) {
- Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
- Enumeration<?> e = fingerprints.keys();
- while (e.hasMoreElements()) {
- String key = (String)e.nextElement();
- byte[] value = (byte[])fingerprints.get(key);
- encodedPrints.put(key, CMS.BtoA(value));
- }
- pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
- }
-
- pkiReq.setSourceId(req.getTransactionID());
-
- rq.processRequest(pkiReq);
-
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+
+ IRequest reqs[] = null;
+ CMS.debug("CRSEnrollment: Creating profile requests");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ Locale locale = Locale.getDefault();
+ reqs = profile.createRequests(ctx, locale);
+ if (reqs == null) {
+ CMS.debug("CRSEnrollment: No request has been created");
+ return null;
+ } else {
+ CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
+ }
+ // set transaction id
+ reqs[0].setSourceId(req.getTransactionID());
+ reqs[0].setExtData("profile", "true");
+ reqs[0].setExtData("profileId", mProfileId);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ reqs[0].setExtData("requestor_name", "");
+ reqs[0].setExtData("requestor_email", "");
+ reqs[0].setExtData("requestor_phone", "");
+ reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
+ reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
+ reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
+
+ CMS.debug("CRSEnrollment: Populating inputs");
+ profile.populateInput(ctx, reqs[0]);
+ CMS.debug("CRSEnrollment: Populating requests");
+ profile.populate(reqs[0]);
+
+ CMS.debug("CRSEnrollment: Submitting request");
+ profile.submit(authToken, reqs[0]);
+ CMS.debug("CRSEnrollment: Done submitting request");
+ profile.getRequestQueue().markAsServiced(reqs[0]);
+ CMS.debug("CRSEnrollment: Request marked as serviced");
+
+ return reqs[0];
+
+ }
+
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
+
+ AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
+ if (token != null) {
+ pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
+ }
+
+ pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
+ X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
+ pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
+ pkiReq.setExtData("cepsubstore", mSubstoreName);
+
+ try {
+ String chpwd = (String) req.get(ChallengePassword.NAME);
+ if (chpwd != null) {
+ pkiReq.setExtData("challengePhrase",
+ chpwd);
+ }
+ } catch (Exception pwex) {
+ }
+
+ Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS);
+ if (fingerprints.size() > 0) {
+ Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
+ Enumeration<?> e = fingerprints.keys();
+ while (e.hasMoreElements()) {
+ String key = (String) e.nextElement();
+ byte[] value = (byte[]) fingerprints.get(key);
+ encodedPrints.put(key, CMS.BtoA(value));
+ }
+ pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
+ }
+
+ pkiReq.setSourceId(req.getTransactionID());
+
+ rq.processRequest(pkiReq);
+
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.ENROLLMENTFORMAT,
new Object[] {
- pkiReq.getRequestId(),
- AuditFormat.FROMROUTER,
- mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
- "pending",
- subject ,
- ""}
+ pkiReq.getRequestId(),
+ AuditFormat.FROMROUTER,
+ mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
+ "pending",
+ subject,
+ "" }
);
-
- return pkiReq;
- }
-
+ return pkiReq;
+ }
- public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
+ public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>();
MessageDigest md;
- String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
- PKCS10 p10 = (PKCS10)req.getP10();
+ String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
+ PKCS10 p10 = (PKCS10) req.getP10();
- for (int i=0;i<hashes.length;i++) {
- try {
- md = MessageDigest.getInstance(hashes[i]);
- md.update(p10.getCertRequestInfo());
- fingerprints.put(hashes[i],md.digest());
- }
- catch (NoSuchAlgorithmException nsa) {}
+ for (int i = 0; i < hashes.length; i++) {
+ try {
+ md = MessageDigest.getInstance(hashes[i]);
+ md.update(p10.getCertRequestInfo());
+ fingerprints.put(hashes[i], md.digest());
+ } catch (NoSuchAlgorithmException nsa) {
+ }
}
- if (fingerprints != null) {
- req.put(IRequest.FINGERPRINTS,fingerprints);
- }
- return fingerprints;
- }
-
-
- // Take a look to see if the request was successful, and fill
- // in the response message
+ if (fingerprints != null) {
+ req.put(IRequest.FINGERPRINTS, fingerprints);
+ }
+ return fingerprints;
+ }
+ // Take a look to see if the request was successful, and fill
+ // in the response message
- private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
- IRequest pkiReq)
- {
+ private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
+ IRequest pkiReq) {
- X509CertImpl issuedCert=null;
+ X509CertImpl issuedCert = null;
RequestStatus status = pkiReq.getRequestStatus();
String profileId = pkiReq.getExtDataInString("profileId");
if (profileId != null) {
- CMS.debug("CRSEnrollment: Found profile request");
- X509CertImpl cert =
- pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null) {
- CMS.debug("CRSEnrollment: No certificate has been found");
- } else {
- CMS.debug("CRSEnrollment: Found certificate");
- }
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
- return cert;
+ CMS.debug("CRSEnrollment: Found profile request");
+ X509CertImpl cert =
+ pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null) {
+ CMS.debug("CRSEnrollment: No certificate has been found");
+ } else {
+ CMS.debug("CRSEnrollment: Found certificate");
+ }
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+ return cert;
}
-
- if ( status.equals(RequestStatus.COMPLETE)) {
+ if (status.equals(RequestStatus.COMPLETE)) {
Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
-
if (success.equals(IRequest.RES_SUCCESS)) {
// The cert was issued, lets send it back to the router
X509CertImpl[] issuedCertBuf =
- pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCertBuf == null || issuedCertBuf.length == 0) {
// writeError("Internal Error: Bad operation",httpReq,httpResp);
- CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " +
- "Bad operation" );
+ CMS.debug("CRSEnrollment::makeResponseFromRequest() - " +
+ "Bad operation");
return null;
}
issuedCert = issuedCertBuf[0];
crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- }
- else { // status is not 'success' - there must've been a problem
-
+
+ } else { // status is not 'success' - there must've been a problem
+
crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
}
- }
- else if (status.equals(RequestStatus.REJECTED_STRING) ||
+ } else if (status.equals(RequestStatus.REJECTED_STRING) ||
status.equals(RequestStatus.CANCELED_STRING)) {
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- }
- else { // not complete
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ } else { // not complete
crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
}
return issuedCert;
}
+ protected String hashPassword(String pwd) {
+ String salt = "lala123";
+ byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
+ String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
+ return "{SHA}" + b64E;
+ }
+ /**
+ * Make the CRSPKIMESSAGE response
+ */
+ private void processCertRep(CryptoContext cx,
+ X509CertImpl issuedCert,
+ CRSPKIMessage crsResp,
+ CRSPKIMessage crsReq)
+ throws CRSFailureException {
+ byte[] msgdigest = null;
+ byte[] encryptedDesKey = null;
+ try {
+ if (issuedCert != null) {
+ SymmetricKey sk;
+ SymmetricKey skinternal;
- protected String hashPassword(String pwd) {
- String salt = "lala123";
- byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
- String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
- return "{SHA}"+b64E;
- }
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
+ // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
+ byte toBeEncrypted[] =
+ crsResp.makeSignedRep(1, // version
+ issuedCert.getEncoded()
+ );
+ // 2. Encrypt the above byte array with a new random DES key
- /**
- * Make the CRSPKIMESSAGE response
- */
+ sk = cx.getDESKeyGenerator().generate();
+ skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
- private void processCertRep(CryptoContext cx,
- X509CertImpl issuedCert,
- CRSPKIMessage crsResp,
- CRSPKIMessage crsReq)
- throws CRSFailureException {
- byte[] msgdigest = null;
- byte[] encryptedDesKey = null;
-
- try {
- if (issuedCert != null) {
-
- SymmetricKey sk;
- SymmetricKey skinternal;
-
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-
- byte toBeEncrypted[] =
- crsResp.makeSignedRep(1, // version
- issuedCert.getEncoded()
- );
-
- // 2. Encrypt the above byte array with a new random DES key
-
- sk = cx.getDESKeyGenerator().generate();
-
- skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-
- byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-
- // This should be changed to generate proper DES IV.
-
- Cipher cipher = cx.getInternalToken().getCipherContext(ea);
- IVParameterSpec desIV =
- new IVParameterSpec(new byte[]{
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00 } );
-
- cipher.initEncrypt(sk,desIV);
- byte[] encryptedData = cipher.doFinal(padded);
-
- crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm);
-
- // 3. Extract the recipient's public key
-
- PublicKey rcpPK = crsReq.getSignerPublicKey();
-
-
- // 4. Encrypt the DES key with the public key
-
- // we have to move the key onto the interal token.
- //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
- skinternal = cx.getInternalToken().cloneKey(sk);
-
- KeyWrapper kw = cx.getInternalKeyWrapper();
- kw.initWrap(rcpPK, null);
- encryptedDesKey = kw.wrap(skinternal);
-
- crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
- crsResp.makeRecipientInfo(0, encryptedDesKey );
-
- }
-
-
- byte[] ed = crsResp.makeEnvelopedData(0);
-
- // 7. Make Digest of SignedData Content
- MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
- msgdigest = md.digest(ed);
-
- crsResp.setMsgDigest(msgdigest);
-
- }
-
- catch (Exception e) {
- throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage());
- }
-
-
- // 5. Make a RecipientInfo
-
- // The issuer name & serial number here, should be that of
- // the EE's self-signed Certificate
- // [I can get it from the req blob, but later, I should
- // store the recipient's self-signed certificate with the request
- // so I can get at it later. I need to do this to support
- // 'PENDING']
-
-
- try {
-
- // 8. Make Authenticated Attributes
- // we can just pull the transaction ID out of the request.
- // Later, we will have to put it out of the Request queue,
- // so we can support PENDING
- crsResp.setTransactionID(crsReq.getTransactionID());
- // recipientNonce and SenderNonce have already been set
-
- crsResp.makeAuthenticatedAttributes();
- // crsResp.makeAuthenticatedAttributes_old();
-
-
-
- // now package up the rest of the SignerInfo
- {
- byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-
-
- Certificate.Template sgncert_t = new Certificate.Template();
- Certificate sgncert =
- (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-
- IssuerAndSerialNumber sgniasn =
- new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
+ byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
+
+ // This should be changed to generate proper DES IV.
+
+ Cipher cipher = cx.getInternalToken().getCipherContext(ea);
+ IVParameterSpec desIV =
+ new IVParameterSpec(new byte[] {
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00 });
+
+ cipher.initEncrypt(sk, desIV);
+ byte[] encryptedData = cipher.doFinal(padded);
+
+ crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm);
+
+ // 3. Extract the recipient's public key
+
+ PublicKey rcpPK = crsReq.getSignerPublicKey();
+
+ // 4. Encrypt the DES key with the public key
+
+ // we have to move the key onto the interal token.
+ //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
+ skinternal = cx.getInternalToken().cloneKey(sk);
+
+ KeyWrapper kw = cx.getInternalKeyWrapper();
+ kw.initWrap(rcpPK, null);
+ encryptedDesKey = kw.wrap(skinternal);
+
+ crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
+ crsResp.makeRecipientInfo(0, encryptedDesKey);
+
+ }
+
+ byte[] ed = crsResp.makeEnvelopedData(0);
+
+ // 7. Make Digest of SignedData Content
+ MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
+ msgdigest = md.digest(ed);
+
+ crsResp.setMsgDigest(msgdigest);
+
+ }
+
+ catch (Exception e) {
+ throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage());
+ }
+
+ // 5. Make a RecipientInfo
+
+ // The issuer name & serial number here, should be that of
+ // the EE's self-signed Certificate
+ // [I can get it from the req blob, but later, I should
+ // store the recipient's self-signed certificate with the request
+ // so I can get at it later. I need to do this to support
+ // 'PENDING']
+
+ try {
+
+ // 8. Make Authenticated Attributes
+ // we can just pull the transaction ID out of the request.
+ // Later, we will have to put it out of the Request queue,
+ // so we can support PENDING
+ crsResp.setTransactionID(crsReq.getTransactionID());
+ // recipientNonce and SenderNonce have already been set
+
+ crsResp.makeAuthenticatedAttributes();
+ // crsResp.makeAuthenticatedAttributes_old();
+
+ // now package up the rest of the SignerInfo
+ {
+ byte[] signingcertbytes = cx.getSigningCert().getEncoded();
+
+ Certificate.Template sgncert_t = new Certificate.Template();
+ Certificate sgncert =
+ (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
+
+ IssuerAndSerialNumber sgniasn =
+ new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
sgncert.getInfo().getSerialNumber());
-
- crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-
- // 10. Make SignerInfo
- crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
- // 11. Make SignedData
- crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
- crsResp.debug();
- }
- }
- catch (Exception e) {
- throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage());
- }
-
-
- // if debugging, dump out the response into a file
-
- }
-
-
-
- class CryptoContext {
- private CryptoManager cm;
- private CryptoToken internalToken;
- private CryptoToken keyStorageToken;
- private CryptoToken internalKeyStorageToken;
- private KeyGenerator DESkg;
- private Enumeration<?> externalTokens = null;
- private org.mozilla.jss.crypto.X509Certificate signingCert;
- private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
- private int signingCertKeySize = 0;
-
-
- class CryptoContextException extends Exception {
- /**
+
+ crsResp.setSgnIssuerAndSerialNumber(sgniasn);
+
+ // 10. Make SignerInfo
+ crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
+
+ // 11. Make SignedData
+ crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
+
+ crsResp.debug();
+ }
+ } catch (Exception e) {
+ throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage());
+ }
+
+ // if debugging, dump out the response into a file
+
+ }
+
+ class CryptoContext {
+ private CryptoManager cm;
+ private CryptoToken internalToken;
+ private CryptoToken keyStorageToken;
+ private CryptoToken internalKeyStorageToken;
+ private KeyGenerator DESkg;
+ private Enumeration<?> externalTokens = null;
+ private org.mozilla.jss.crypto.X509Certificate signingCert;
+ private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
+ private int signingCertKeySize = 0;
+
+ class CryptoContextException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContextException() { super(); }
- public CryptoContextException(String s) { super(s); }
- }
+ private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContext()
- throws CryptoContextException
- {
- try {
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- }
- cm = CryptoManager.getInstance();
- internalToken = cm.getInternalCryptoToken();
- DESkg = internalToken.getKeyGenerator(kga);
- if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0) {
- keyStorageToken = cm.getInternalKeyStorageToken();
- internalKeyStorageToken = keyStorageToken;
- CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'");
- } else {
- keyStorageToken = cm.getTokenByName(mTokenName);
- internalKeyStorageToken = null;
- }
- if (!mUseCA && internalKeyStorageToken == null) {
- PasswordCallback cb = CMS.getPasswordCallback();
- keyStorageToken.login(cb); // ONE_TIME by default.
- }
- signingCert = cm.findCertByNickname(mNickname);
- signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
- byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
- SEQUENCE.Template outer = SEQUENCE.getTemplate();
- outer.addElement( ANY.getTemplate() ); // algid
- outer.addElement( BIT_STRING.getTemplate() );
- SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
- BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
- byte[] encPubKey = bs.getBits();
- if( bs.getPadCount() != 0) {
- throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
- }
- SEQUENCE.Template inner = new SEQUENCE.Template();
- inner.addElement( INTEGER.getTemplate());
- inner.addElement( INTEGER.getTemplate());
- SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
- INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
- signingCertKeySize = modulus.bitLength();
-
- try {
- FileOutputStream fos = new FileOutputStream("pubkey.der");
- fos.write(signingCert.getPublicKey().getEncoded());
- fos.close();
- } catch (Exception e) {}
-
- }
- catch (InvalidBERException e) {
- throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
- }
- catch (CryptoManager.NotInitializedException e) {
- throw new CryptoContextException("Crypto Manager not initialized");
- }
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException("Cannot create DES key generator");
- }
- catch (ObjectNotFoundException e) {
- throw new CryptoContextException("Certificate not found: "+ca.getNickname());
- }
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
- }
- catch (NoSuchTokenException e) {
- throw new CryptoContextException("Crypto Token not found: "+e.getMessage());
- }
- catch (IncorrectPasswordException e) {
- throw new CryptoContextException("Incorrect Password.");
- }
- }
-
-
- public KeyGenerator getDESKeyGenerator() {
- return DESkg;
- }
+ public CryptoContextException() {
+ super();
+ }
- public CryptoToken getInternalToken() {
- return internalToken;
- }
+ public CryptoContextException(String s) {
+ super(s);
+ }
+ }
- public void setExternalTokens( Enumeration<?> tokens ) {
- externalTokens = tokens;
- }
+ public CryptoContext()
+ throws CryptoContextException {
+ try {
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ }
+ cm = CryptoManager.getInstance();
+ internalToken = cm.getInternalCryptoToken();
+ DESkg = internalToken.getKeyGenerator(kga);
+ if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+ mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
+ mTokenName.length() == 0) {
+ keyStorageToken = cm.getInternalKeyStorageToken();
+ internalKeyStorageToken = keyStorageToken;
+ CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
+ } else {
+ keyStorageToken = cm.getTokenByName(mTokenName);
+ internalKeyStorageToken = null;
+ }
+ if (!mUseCA && internalKeyStorageToken == null) {
+ PasswordCallback cb = CMS.getPasswordCallback();
+ keyStorageToken.login(cb); // ONE_TIME by default.
+ }
+ signingCert = cm.findCertByNickname(mNickname);
+ signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
+ byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
+ SEQUENCE.Template outer = SEQUENCE.getTemplate();
+ outer.addElement(ANY.getTemplate()); // algid
+ outer.addElement(BIT_STRING.getTemplate());
+ SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
+ BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
+ byte[] encPubKey = bs.getBits();
+ if (bs.getPadCount() != 0) {
+ throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
+ }
+ SEQUENCE.Template inner = new SEQUENCE.Template();
+ inner.addElement(INTEGER.getTemplate());
+ inner.addElement(INTEGER.getTemplate());
+ SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
+ INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
+ signingCertKeySize = modulus.bitLength();
- public Enumeration<?> getExternalTokens() {
- return externalTokens;
- }
+ try {
+ FileOutputStream fos = new FileOutputStream("pubkey.der");
+ fos.write(signingCert.getPublicKey().getEncoded());
+ fos.close();
+ } catch (Exception e) {
+ }
- public CryptoToken getInternalKeyStorageToken() {
- return internalKeyStorageToken;
- }
+ } catch (InvalidBERException e) {
+ throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
+ } catch (CryptoManager.NotInitializedException e) {
+ throw new CryptoContextException("Crypto Manager not initialized");
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException("Cannot create DES key generator");
+ } catch (ObjectNotFoundException e) {
+ throw new CryptoContextException("Certificate not found: " + ca.getNickname());
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchTokenException e) {
+ throw new CryptoContextException("Crypto Token not found: " + e.getMessage());
+ } catch (IncorrectPasswordException e) {
+ throw new CryptoContextException("Incorrect Password.");
+ }
+ }
- public CryptoToken getKeyStorageToken() {
- return keyStorageToken;
- }
+ public KeyGenerator getDESKeyGenerator() {
+ return DESkg;
+ }
- public CryptoManager getCryptoManager() {
- return cm;
- }
+ public CryptoToken getInternalToken() {
+ return internalToken;
+ }
- public KeyWrapper getKeyWrapper()
- throws CryptoContextException {
- try {
- return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public void setExternalTokens(Enumeration<?> tokens) {
+ externalTokens = tokens;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public Enumeration<?> getExternalTokens() {
+ return externalTokens;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public CryptoToken getInternalKeyStorageToken() {
+ return internalKeyStorageToken;
}
- }
- public KeyWrapper getInternalKeyWrapper()
- throws CryptoContextException {
- try {
- return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public CryptoToken getKeyStorageToken() {
+ return keyStorageToken;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public CryptoManager getCryptoManager() {
+ return cm;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public KeyWrapper getKeyWrapper()
+ throws CryptoContextException {
+ try {
+ return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
}
- }
- public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
- return signingCertPrivKey;
- }
+ public KeyWrapper getInternalKeyWrapper()
+ throws CryptoContextException {
+ try {
+ return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
+ }
- public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
- return signingCert;
- }
-
- }
+ public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
+ return signingCertPrivKey;
+ }
+ public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
+ return signingCert;
+ }
- /* General failure. The request/response cannot be processed. */
+ }
+ /* General failure. The request/response cannot be processed. */
- class CRSFailureException extends Exception {
- /**
+ class CRSFailureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 1962741611501549051L;
- public CRSFailureException() { super(); }
- public CRSFailureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 1962741611501549051L;
- class CRSInvalidSignatureException extends Exception {
- /**
+ public CRSFailureException() {
+ super();
+ }
+
+ public CRSFailureException(String s) {
+ super(s);
+ }
+ }
+
+ class CRSInvalidSignatureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 9096408193567657944L;
- public CRSInvalidSignatureException() { super(); }
- public CRSInvalidSignatureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 9096408193567657944L;
+
+ public CRSInvalidSignatureException() {
+ super();
+ }
-
+ public CRSInvalidSignatureException(String s) {
+ super(s);
+ }
+ }
- class CRSPolicyException extends Exception {
- /**
+ class CRSPolicyException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 5846593800658787396L;
- public CRSPolicyException() { super(); }
- public CRSPolicyException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 5846593800658787396L;
-}
+ public CRSPolicyException() {
+ super();
+ }
+ public CRSPolicyException(String s) {
+ super(s);
+ }
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 49a591f0..ff55dc9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -35,109 +35,107 @@ import netscape.security.x509.CertAttrSet;
*/
public class ChallengePassword implements CertAttrSet {
- public static final String NAME = "ChallengePassword";
- public static final String PASSWORD = "password";
-
- private String cpw;
-
-
- /**
- * Get the password marshalled in this object
- * @return the challenge password
- */
- public String toString() {
- return cpw;
- }
-
- /**
- * Create a ChallengePassword object
- * @param stuff (must be of type byte[]) a DER-encoded by array following
- * The ASN.1 template for ChallenegePassword specified in the SCEP
- * documentation
- * @throws IOException if the DER encoded byt array was malformed, or if it
- * did not match the template
- */
-
- public ChallengePassword(Object stuff)
- throws IOException {
-
- ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff);
- try {
- decode(is);
- } catch (Exception e) {
- throw new IOException(e.getMessage());
- }
-
- }
-
- /**
- * Currently Unimplemented
- */
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ public static final String NAME = "ChallengePassword";
+ public static final String PASSWORD = "password";
+
+ private String cpw;
+
+ /**
+ * Get the password marshalled in this object
+ *
+ * @return the challenge password
+ */
+ public String toString() {
+ return cpw;
+ }
+
+ /**
+ * Create a ChallengePassword object
+ *
+ * @param stuff (must be of type byte[]) a DER-encoded by array following
+ * The ASN.1 template for ChallenegePassword specified in the SCEP
+ * documentation
+ * @throws IOException if the DER encoded byt array was malformed, or if it
+ * did not match the template
+ */
+
+ public ChallengePassword(Object stuff)
+ throws IOException {
+
+ ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+ try {
+ decode(is);
+ } catch (Exception e) {
+ throw new IOException(e.getMessage());
+ }
+
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
+ }
+
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
construct(derVal);
-
+
+ }
+
+ private void construct(DerValue derVal) throws IOException {
+ try {
+ cpw = derVal.getPrintableString();
+ } catch (NullPointerException e) {
+ cpw = "";
+ }
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void set(String name, Object obj)
+ throws CertificateException, IOException {
}
- private void construct(DerValue derVal) throws IOException {
- try {
- cpw = derVal.getPrintableString();
- }
- catch (NullPointerException e) {
- cpw = "";
- }
- }
-
-
- /**
- * Currently Unimplemented
- */
- public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- /**
- * Get an attribute of this object.
- * @param name the name of the attribute of this object to get. The only
- * supported attribute is "password"
- */
- public Object get(String name)
- throws CertificateException, IOException
- {
+ /**
+ * Get an attribute of this object.
+ *
+ * @param name the name of the attribute of this object to get. The only
+ * supported attribute is "password"
+ */
+ public Object get(String name)
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(PASSWORD)) {
return cpw;
- }
- else {
- throw new IOException("Attribute name not recognized by "+
+ } else {
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet: ChallengePassword");
}
}
-
- /**
- * Currently Unimplemented
- */
- public void delete(String name)
- throws CertificateException, IOException
- { }
-
- /**
- * @return an empty set of elements
- */
- public Enumeration<String> getAttributeNames()
- { return (new Vector<String>()).elements();}
-
- /**
- * @return the String "ChallengePassword"
- */
- public String getName()
- { return NAME;}
-
-
+
+ /**
+ * Currently Unimplemented
+ */
+ public void delete(String name)
+ throws CertificateException, IOException {
+ }
+
+ /**
+ * @return an empty set of elements
+ */
+ public Enumeration<String> getAttributeNames() {
+ return (new Vector<String>()).elements();
+ }
+
+ /**
+ * @return the String "ChallengePassword"
+ */
+ public String getName() {
+ return NAME;
+ }
+
}
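Review bot: `toString()` returns the challenge password itself, so any string concatenation, debug line or exception message that includes a `ChallengePassword` object writes the SCEP enrollment secret in clear. Callers already have `get(PASSWORD)` for deliberate access, so `toString()` could return a fixed label such as `return NAME;`, provided no caller depends on it to read the password (callers are not visible in this hunk). Separately, `construct` turns a `NullPointerException` from `getPrintableString()` into an empty password, which makes a malformed attribute indistinguishable from an empty one; throwing the `IOException` the method already declares would be safer.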
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
index 6f689b34..b3a0f565 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -30,51 +30,46 @@ import netscape.security.util.DerValue;
import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
-
public class ExtensionsRequested implements CertAttrSet {
+ public static final String NAME = "EXTENSIONS_REQUESTED";
- public static final String NAME = "EXTENSIONS_REQUESTED";
-
public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
- public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
+ public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
private String kue_digital_signature = "false";
- private String kue_key_encipherment = "false";
-
+ private String kue_key_encipherment = "false";
+
private Vector<Extension> exts = new Vector<Extension>();
public ExtensionsRequested(Object stuff) throws IOException {
ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-
+
try {
decode(is);
- }
- catch (Exception e) {
+ } catch (Exception e) {
e.printStackTrace();
throw new IOException(e.getMessage());
}
}
-
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
+ }
+
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
-
+
construct(derVal);
}
-
+
public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- public Object get(String name)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
+ }
+
+ public Object get(String name)
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
return kue_digital_signature;
}
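Review bot: The constructor's catch block calls `e.printStackTrace()` and then rethrows with `new IOException(e.getMessage())`, so a decode failure on request-supplied bytes goes to stderr instead of the server log and the original exception is lost to the caller. `throw new IOException(e.getMessage(), e);` (available since Java 6) keeps the cause, and the `printStackTrace()` call can be dropped. The `ChallengePassword(Object stuff)` constructor in the previous file discards the cause in the same way.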
@@ -84,107 +79,99 @@ public class ExtensionsRequested implements CertAttrSet {
throw new IOException("Unsupported attribute queried");
}
-
- public void delete(String name)
- throws CertificateException, IOException
- {
+
+ public void delete(String name)
+ throws CertificateException, IOException {
+ }
+
+ public Enumeration<String> getAttributeNames() {
+ return (new Vector<String>()).elements();
+ }
+
+ public String getName() {
+ return NAME;
}
- public Enumeration<String> getAttributeNames()
- { return (new Vector<String>()).elements();}
-
- public String getName()
- { return NAME;}
-
-
-
-/**
- construct - expects this in the inputstream (from the router):
-
- 211 30 31: SEQUENCE {
- 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
- 225 31 17: SET {
- 227 04 15: OCTET STRING, encapsulates {
- 229 30 13: SEQUENCE {
- 231 30 11: SEQUENCE {
- 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 238 04 4: OCTET STRING
- : 03 02 05 A0
- : }
- : }
- : }
-
- or this (from IRE client):
-
- 262 30 51: SEQUENCE {
- 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
- 275 31 38: SET {
- 277 30 36: SEQUENCE {
- 279 30 34: SEQUENCE {
- 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- 286 04 27: OCTET STRING
- : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
- : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
- : }
- : }
- : }
- : }
-
-
- */
+ /**
+ * construct - expects this in the inputstream (from the router):
+ *
+ * 211 30 31: SEQUENCE {
+ * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
+ * 225 31 17: SET {
+ * 227 04 15: OCTET STRING, encapsulates {
+ * 229 30 13: SEQUENCE {
+ * 231 30 11: SEQUENCE {
+ * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
+ * 238 04 4: OCTET STRING
+ * : 03 02 05 A0
+ * : }
+ * : }
+ * : }
+ *
+ * or this (from IRE client):
+ *
+ * 262 30 51: SEQUENCE {
+ * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
+ * 275 31 38: SET {
+ * 277 30 36: SEQUENCE {
+ * 279 30 34: SEQUENCE {
+ * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+ * 286 04 27: OCTET STRING
+ * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
+ * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
+ * : }
+ * : }
+ * : }
+ * : }
+ */
private void construct(DerValue dv) throws IOException {
- DerInputStream stream = null;
- DerValue[] dvs;
+ DerInputStream stream = null;
+ DerValue[] dvs;
- try { // try decoding as sequence first
+ try { // try decoding as sequence first
- stream = dv.toDerInputStream();
+ stream = dv.toDerInputStream();
- DerValue stream_dv = stream.getDerValue();
- stream.reset();
-
+ DerValue stream_dv = stream.getDerValue();
+ stream.reset();
- dvs = stream.getSequence(2);
- }
- catch (IOException ioe) {
- // if it failed, the outer sequence may be
- // encapsulated in an octet string, as in the first
- // example above
+ dvs = stream.getSequence(2);
+ } catch (IOException ioe) {
+ // if it failed, the outer sequence may be
+ // encapsulated in an octet string, as in the first
+ // example above
- byte[] octet_string = dv.getOctetString();
+ byte[] octet_string = dv.getOctetString();
- // Make a new input stream from the byte array,
- // and re-parse it as a sequence.
+ // Make a new input stream from the byte array,
+ // and re-parse it as a sequence.
- dv = new DerValue(octet_string);
+ dv = new DerValue(octet_string);
- stream = dv.toDerInputStream();
- dvs = stream.getSequence(2);
- }
+ stream = dv.toDerInputStream();
+ dvs = stream.getSequence(2);
+ }
- // now, the stream will be in the correct format
- stream.reset();
+ // now, the stream will be in the correct format
+ stream.reset();
- while (true) {
- DerValue ext_dv=null;
- try {
- ext_dv = stream.getDerValue();
- }
- catch (IOException ex) {
- break;
- }
+ while (true) {
+ DerValue ext_dv = null;
+ try {
+ ext_dv = stream.getDerValue();
+ } catch (IOException ex) {
+ break;
+ }
- Extension ext = new Extension(ext_dv);
- exts.addElement(ext);
- }
+ Extension ext = new Extension(ext_dv);
+ exts.addElement(ext);
+ }
}
- public Vector<Extension> getExtensions() {
- return exts;
- }
+ public Vector<Extension> getExtensions() {
+ return exts;
+ }
}
-
-
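Review bot: In `construct`, the `while (true)` loop uses an `IOException` from `stream.getDerValue()` as its only exit, so a truncated or malformed extension entry ends the loop silently and the request is processed with whatever extensions were parsed before it. The loop should stop on an explicit end-of-data condition and let a real decoding error propagate as the `IOException` the method already declares. `stream_dv` and `dvs` are assigned but never read in the new code, and `getExtensions()` hands out the internal `Vector`, so callers can modify the parsed list.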
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
index 759238d9..58c4276e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
private Hashtable authCreds = null;
// Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
/**
* removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 3fac4a63..15b46e17 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* Utility CMCOutputTemplate
- *
+ *
* @version $ $, $Date$
*/
public class CMCOutputTemplate {
public CMCOutputTemplate() {
}
- public void createFullResponseWithFailedStatus(HttpServletResponse resp,
- SEQUENCE bpids, int code, UTF8String s) {
+ public void createFullResponseWithFailedStatus(HttpServletResponse resp,
+ SEQUENCE bpids, int code, UTF8String s) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
SEQUENCE otherMsgSeq = new SEQUENCE();
int bpid = 1;
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(code), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(code), null);
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids, s, otherInfo);
+ new INTEGER(CMCStatusInfo.FAILED),
+ bpids, s, otherInfo);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
try {
ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ cmsSeq, otherMsgSeq);
SET certs = new SET();
ContentInfo contentInfo = getContentInfo(respBody, certs);
@@ -137,13 +136,13 @@ public class CMCOutputTemplate {
os.write(contentBytes);
os.flush();
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString());
return;
}
}
- public void createFullResponse(HttpServletResponse resp, IRequest []reqs,
- String cert_request_type, int[] error_codes) {
+ public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
+ String cert_request_type, int[] error_codes) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
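Review bot: The `catch (Exception e)` that closes `createFullResponseWithFailedStatus` only writes to the debug log and returns, so when encoding or writing the response fails the client receives no CMC failure status and the server records nothing unless debug logging is on. The failure should be logged at a level that is always recorded, and, if the response is not yet committed (`resp.isCommitted()`), an HTTP error status should be set rather than returning an empty body. The catch chain at the end of `createFullResponse` in the `@@ -354,16 +353,16 @@` hunk has the same shape. The method starts outside this hunk.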
@@ -157,32 +156,32 @@ public class CMCOutputTemplate {
SEQUENCE success_bpids = null;
SEQUENCE failed_bpids = null;
if (cert_request_type.equals("crmf") ||
- cert_request_type.equals("pkcs10")) {
+ cert_request_type.equals("pkcs10")) {
String reqId = reqs[0].getRequestId().toString();
OtherInfo otherInfo = null;
if (error_codes[0] == 2) {
PendInfo pendInfo = new PendInfo(reqId, new Date());
otherInfo = new OtherInfo(OtherInfo.PEND, null,
- pendInfo);
+ pendInfo);
} else {
- otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
}
-
+
SEQUENCE bpids = new SEQUENCE();
bpids.addElement(new INTEGER(1));
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- bpids, (String)null, otherInfo);
+ bpids, (String) null, otherInfo);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
} else if (cert_request_type.equals("cmc")) {
pending_bpids = new SEQUENCE();
success_bpids = new SEQUENCE();
failed_bpids = new SEQUENCE();
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
success_bpids.addElement(new INTEGER(
reqs[i].getExtDataInBigInteger("bodyPartId")));
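Review bot: In the crmf/pkcs10 branch the `CMCStatusInfo` is always built with `CMCStatusInfo.PENDING`, even when `error_codes[0] != 2` and `otherInfo` was just set to `OtherInfo.FAIL` with `BAD_REQUEST`, so a rejected request appears to be reported to the client as pending with a failure code attached. If that is not intended, the status should follow the branch, for example `CMCStatusInfo.FAILED` in the else case. The same branch reads `reqs[0]` and `error_codes[0]` without the `reqs != null` check that the cmc branch has, and the loop indexes `error_codes[i]` by `reqs.length` without confirming the two arrays have the same length. The method body starts and ends outside this hunk.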
@@ -192,77 +191,77 @@ public class CMCOutputTemplate {
} else {
failed_bpids.addElement(new INTEGER(
reqs[i].getExtDataInBigInteger("bodyPartId")));
- }
+ }
}
}
TaggedAttribute tagattr = null;
CMCStatusInfo cmcStatusInfo = null;
- SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof");
+ SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
if (identityBpids != null && identityBpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_IDENTITY), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_IDENTITY), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- identityBpids, (String)null, otherInfo);
+ identityBpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness");
+ SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness");
if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- POPLinkWitnessBpids, (String)null, otherInfo);
+ POPLinkWitnessBpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (pending_bpids.size() > 0) {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
+ pending_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
- }
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
+ }
if (success_bpids.size() > 0) {
boolean confirmRequired = false;
try {
- confirmRequired =
- CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
- false);
- } catch (Exception e) {
+ confirmRequired =
+ CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
+ false);
+ } catch (Exception e) {
}
if (confirmRequired) {
CMS.debug("CMCOutputTemplate: confirmRequired in the request");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
- success_bpids, (String)null, null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
+ success_bpids, (String) null, null);
} else {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
+ success_bpids, (String) null, null);
}
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- failed_bpids, (String)null, otherInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
}
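Review bot: The empty `catch (Exception e) { }` around the read of `cmc.cert.confirmRequired` leaves `confirmRequired` at `false` whenever the config store cannot be read, so a deployment that requires certificate confirmation silently falls back to reporting `SUCCESS`. At minimum the failure should be logged, e.g. `CMS.debug("CMCOutputTemplate: cannot read cmc.cert.confirmRequired, using false: " + e.toString());`. The method body starts and ends outside this hunk.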
@@ -270,80 +269,80 @@ public class CMCOutputTemplate {
try {
// deal with controls
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
if (nums != null && nums.intValue() > 0) {
TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr != null) {
try {
processGetCertControl(attr, certs);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: " + ee.toString());
OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE bpids1 = new SEQUENCE();
bpids1.addElement(attr.getBodyPartID());
CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids1, null, otherInfo1);
+ new INTEGER(CMCStatusInfo.FAILED),
+ bpids1, null, otherInfo1);
TaggedAttribute tagattr1 = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
controlSeq.addElement(tagattr1);
}
}
- attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
+ attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
if (attr != null)
bpid = processDataReturnControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
if (attr != null)
bpid = processTransactionControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
if (attr != null)
bpid = processSenderNonceControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
if (attr != null)
- bpid = processQueryPendingControl(attr, controlSeq, bpid);
+ bpid = processQueryPendingControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
+ attr =
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
- if (attr != null)
+ if (attr != null)
bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
- bpid);
+ bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
+ attr =
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
- if (attr != null)
+ if (attr != null)
bpid = processRevokeRequestControl(attr, controlSeq,
- bpid);
+ bpid);
}
if (success_bpids != null && success_bpids.size() > 0) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ X509CertImpl impl =
+ (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(bin));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ cmsSeq, otherMsgSeq);
ContentInfo contentInfo = getContentInfo(respBody, certs);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
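Review bot: `impl.getEncoded()` is called on the result of `reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)` without a null check. If a request with `error_codes[i] == 0` carries no issued certificate (whether that can happen is not visible here), the `NullPointerException` is caught by the generic `catch (Exception e)` in the following hunk and the whole response is dropped with only a debug line. An explicit `if (impl == null)` branch that logs the request and reports that body part as failed would keep the rest of the response intact. The `if (attr != null)` statements in this hunk are also unbraced, which makes the multi-line `bpid = process…Control(...)` calls easy to misread.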
@@ -354,16 +353,16 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (Exception e) {
- CMS.debug("Exception: "+e.toString());
+ CMS.debug("Exception: " + e.toString());
}
}
@@ -371,48 +370,48 @@ public class CMCOutputTemplate {
try {
ICertificateAuthority ca = null;
// add CA cert chain
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
java.security.cert.X509Certificate[] chains = certchains.getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(chains[i].getEncoded()));
certs.addElement(cert);
}
-
+
EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
- OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
x509CAcert = ca.getCaX509Cert();
X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
- X500Name issuerName = (X500Name)caimpl.getIssuerDN();
+ X500Name issuerName = (X500Name) caimpl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
- issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
+ issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
SignerIdentifier si = new SignerIdentifier(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// use CA instance's default signature and digest algorithm
SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
org.mozilla.jss.crypto.PrivateKey privKey =
- CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-/*
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
- if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
- signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
- signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
- signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
- } else {
- CMS.debug( "CMCOutputTemplate::getContentInfo() - "
- + "signAlg is unsupported!" );
- return null;
- }
-*/
+ CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
+ /*
+ org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
+ if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+ signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
+ } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
+ signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
+ } else {
+ CMS.debug( "CMCOutputTemplate::getContentInfo() - "
+ + "signAlg is unsupported!" );
+ return null;
+ }
+ */
DigestAlgorithm digestAlg = signAlg.getDigestAlg();
MessageDigest msgDigest = null;
byte[] digest = null;
@@ -425,9 +424,9 @@ public class CMCOutputTemplate {
digest = msgDigest.digest(ostream.toByteArray());
SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg, privKey);
+ SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg, privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
@@ -436,30 +435,30 @@ public class CMCOutputTemplate {
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(), null);
-
+ AlgorithmIdentifier(digestAlg.toOID(), null);
+
digestAlgs.addElement(ai);
}
SignedData signedData = new SignedData(digestAlgs,
- enContentInfo, certs, null, signInfos);
+ enContentInfo, certs, null, signInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
CMS.debug("CMCOutputTemplate::getContentInfo() - done");
return contentInfo;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString());
}
- return null;
+ return null;
}
- public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) {
+ public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
SET certs = new SET();
SessionContext context = SessionContext.getContext();
try {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
processGetCertControl(attr, certs);
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("CMCOutputTemplate: No certificate is found.");
}
@@ -472,34 +471,34 @@ public class CMCOutputTemplate {
try {
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ for (int i = 0; i < reqs.length; i++) {
+ X509CertImpl impl =
+ (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ Certificate cert =
+ (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
// Get CA certs
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
java.security.cert.X509Certificate[] chains = certchains.getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(chains[i].getEncoded()));
certs.addElement(cert);
}
}
-
+
if (certs.size() == 0)
return;
SignedData signedData = new SignedData(digestAlgorithms,
- enContentInfo, certs, null, signedInfos);
+ enContentInfo, certs, null, signedInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -510,48 +509,48 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
}
private int processConfirmCertAcceptanceControl(
- TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
+ TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
if (attr != null) {
INTEGER bodyId = attr.getBodyPartID();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(bodyId);
+ seq.addElement(bodyId);
SET values = attr.getValues();
if (values != null && values.size() > 0) {
try {
- CMCCertId cmcCertId =
- (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(),
- ASN1Util.encode(values.elementAt(0))));
- BigInteger serialno = (BigInteger)(cmcCertId.getSerial());
- SEQUENCE issuers = cmcCertId.getIssuer();
+ CMCCertId cmcCertId =
+ (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
+ ASN1Util.encode(values.elementAt(0))));
+ BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+ SEQUENCE issuers = cmcCertId.getIssuer();
//ANY issuer = (ANY)issuers.elementAt(0);
- ANY issuer =
- (ANY)(ASN1Util.decode(ANY.getTemplate(),
- ASN1Util.encode(issuers.elementAt(0))));
+ ANY issuer =
+ (ANY) (ASN1Util.decode(ANY.getTemplate(),
+ ASN1Util.encode(issuers.elementAt(0))));
byte[] b = issuer.getEncoded();
X500Name n = new X500Name(b);
ICertificateAuthority ca = null;
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X500Name caName = ca.getX500Name();
boolean confirmAccepted = false;
if (n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal");
ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
X509CertImpl impl = null;
try {
- repository.getX509Certificate(serialno);
+ repository.getX509Certificate(serialno);
} catch (EBaseException ee) {
CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
}
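Review bot: The result of `repository.getX509Certificate(serialno)` is discarded, so the `impl` declared just above stays null whatever the repository returns. The line that sets `confirmAccepted` lies between this hunk and the next and is not shown; if it tests `impl`, every confirm-acceptance control is answered with FAILED / BAD_CERT_ID even when the certificate exists. Assign the result: `impl = repository.getX509Certificate(serialno);`. processConfirmCertAcceptanceControl continues past the end of this hunk.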
@@ -559,77 +558,77 @@ public class CMCOutputTemplate {
CMCStatusInfo cmcStatusInfo = null;
if (confirmAccepted) {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
- (String)null, null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
+ (String) null, null);
} else {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
- (String)null, otherInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
+ (String) null, otherInfo);
}
TaggedAttribute statustagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(statustagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(statustagattr);
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
- }
+ }
}
return bpid;
}
private void processGetCertControl(TaggedAttribute attr, SET certs)
- throws InvalidBERException, java.security.cert.CertificateEncodingException,
- IOException, EBaseException {
+ throws InvalidBERException, java.security.cert.CertificateEncodingException,
+ IOException, EBaseException {
if (attr != null) {
SET vals = attr.getValues();
if (vals.size() == 1) {
GetCert getCert =
- (GetCert)(ASN1Util.decode(GetCert.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
- BigInteger serialno = (BigInteger)(getCert.getSerialNumber());
- ANY issuer = (ANY)getCert.getIssuer();
+ (GetCert) (ASN1Util.decode(GetCert.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
+ BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
+ ANY issuer = (ANY) getCert.getIssuer();
byte b[] = issuer.getEncoded();
X500Name n = new X500Name(b);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X500Name caName = ca.getX500Name();
if (!n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
throw new EBaseException("Certificate is not found");
}
ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
X509CertImpl impl = repository.getX509Certificate(serialno);
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
-
+
private int processQueryPendingControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET values = attr.getValues();
- if (values != null && values.size() > 0) {
+ if (values != null && values.size() > 0) {
SEQUENCE pending_bpids = new SEQUENCE();
SEQUENCE success_bpids = new SEQUENCE();
SEQUENCE failed_bpids = new SEQUENCE();
- for (int i=0; i<values.size(); i++) {
+ for (int i = 0; i < values.size(); i++) {
try {
INTEGER reqId = (INTEGER)
- ASN1Util.decode(INTEGER.getTemplate(),
- ASN1Util.encode(values.elementAt(i)));
+ ASN1Util.decode(INTEGER.getTemplate(),
+ ASN1Util.encode(values.elementAt(i)));
String requestId = new String(reqId.toByteArray());
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
IRequestQueue queue = ca.getRequestQueue();
IRequest r = queue.findRequest(new RequestId(requestId));
if (r != null) {
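Review bot: In processGetCertControl the debug line inside `if (!n.toString().equalsIgnoreCase(caName.toString()))` reports "Issuer names are equal" although that branch runs only when the names differ. Anyone reading the debug log while investigating a rejected GetCert request is told the opposite of what happened. Change it to `CMS.debug("CMCOutputTemplate: Issuer names are not equal in the GetCert Control");`. The same method calls `vals.size()` without the `!= null` guard that processConfirmCertAcceptanceControl applies to `attr.getValues()`.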
@@ -649,43 +648,43 @@ public class CMCOutputTemplate {
if (pending_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (success_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- }
+ }
}
return bpid;
}
- private int processTransactionControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ private int processTransactionControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET transIds = attr.getValues();
if (transIds != null) {
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
- transIds);
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
+ transIds);
controlSeq.addElement(tagattr);
}
}
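Review bot: The SUCCESS and FAILED status blocks of processQueryPendingControl both pass `pending_bpids` to `CMCStatusInfo`, so the body part ids collected in `success_bpids` and `failed_bpids` never reach the response. A client querying pending requests would get a SUCCESS or FAILED status that lists the pending ids (or none) and could not tell which request the status refers to. Use the matching sequence in each block: `new CMCStatusInfo(CMCStatusInfo.SUCCESS, success_bpids, (String) null, null)` and `new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, null)`. The method starts in the previous hunk.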
@@ -694,16 +693,16 @@ public class CMCOutputTemplate {
}
private int processSenderNonceControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET sNonce = attr.getValues();
if (sNonce != null) {
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- sNonce);
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+ sNonce);
controlSeq.addElement(tagattr);
Date date = new Date();
- String salt = "lala123"+date.toString();
+ String salt = "lala123" + date.toString();
byte[] dig;
try {
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
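Review bot: The value sent back as senderNonce appears to be a SHA-1 digest of the constant `"lala123"` plus `date.toString()`. The lines that feed the digest sit between this hunk and the next, so this is inferred from `salt`, `SHA1Digest` and the `CMS.BtoA(dig)` in the following hunk. A nonce built from a fixed string and a clock value with one-second resolution is guessable and repeats for responses produced in the same second, which undermines the replay protection the nonce exists for. Fill the bytes from a CSPRNG instead, e.g. `byte[] dig = new byte[16];` followed by `new java.security.SecureRandom().nextBytes(dig);`, and drop `salt` and the digest step.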
@@ -714,8 +713,8 @@ public class CMCOutputTemplate {
String b64E = CMS.BtoA(dig);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(b64E.getBytes()));
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
+ new OCTET_STRING(b64E.getBytes()));
controlSeq.addElement(tagattr);
}
}
@@ -723,29 +722,29 @@ public class CMCOutputTemplate {
return bpid;
}
- private int processDataReturnControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException {
+ private int processDataReturnControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException {
if (attr != null) {
SET vals = attr.getValues();
-
+
if (vals.size() > 0) {
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
+ controlSeq.addElement(tagattr);
}
- }
+ }
return bpid;
}
- private int processRevokeRequestControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
- IOException {
+ private int processRevokeRequestControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
+ IOException {
boolean revoke = false;
SessionContext context = SessionContext.getContext();
if (attr != null) {
@@ -754,10 +753,10 @@ public class CMCOutputTemplate {
SET vals = attr.getValues();
if (vals.size() > 0) {
RevRequest revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(vals.elementAt(0))));
+ (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+ ASN1Util.encode(vals.elementAt(0))));
OCTET_STRING str = revRequest.getSharedSecret();
- INTEGER pid = attr.getBodyPartID();
+ INTEGER pid = attr.getBodyPartID();
TaggedAttribute tagattr = null;
INTEGER revokeCertSerial = revRequest.getSerialNumber();
BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
@@ -767,25 +766,25 @@ public class CMCOutputTemplate {
needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
} catch (Exception e) {
}
-
+
if (needVerify) {
- Integer num1 = (Integer)context.get("numOfOtherMsgs");
+ Integer num1 = (Integer) context.get("numOfOtherMsgs");
int num = num1.intValue();
- for (int i=0; i<num; i++) {
- OtherMsg data = (OtherMsg)context.get("otherMsg"+i);
- INTEGER dpid = data.getBodyPartID();
+ for (int i = 0; i < num; i++) {
+ OtherMsg data = (OtherMsg) context.get("otherMsg" + i);
+ INTEGER dpid = data.getBodyPartID();
if (pid.longValue() == dpid.longValue()) {
- ANY msgValue = data.getOtherMsgValue();
- SignedData msgData =
- (SignedData)msgValue.decodeWith(SignedData.getTemplate());
+ ANY msgValue = data.getOtherMsgValue();
+ SignedData msgData =
+ (SignedData) msgValue.decodeWith(SignedData.getTemplate());
if (!verifyRevRequestSignature(msgData)) {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -794,7 +793,7 @@ public class CMCOutputTemplate {
}
revoke = true;
- // check shared secret
+ // check shared secret
} else {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
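Review bot: `revoke = true;` is reached whenever the otherMsg loop in the previous hunk ends without returning. As far as the visible lines show, that includes the case where no otherMsg has a body part id equal to `pid`, or `numOfOtherMsgs` is 0, so a revocation can proceed although `verifyRevRequestSignature` was never called. Two lines between the hunks are not shown, so confirm this against the full method. Make the success explicit: declare `boolean verified = false;` before the loop, set `verified = true;` after a passing `verifyRevRequestSignature(msgData)`, and replace this line with `revoke = verified;`, returning a BAD_MESSAGE_CHECK status when nothing was verified.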
@@ -810,15 +809,15 @@ public class CMCOutputTemplate {
}
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
sharedSecretFound = false;
}
@@ -827,10 +826,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -846,10 +845,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -864,23 +863,23 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
- }
+ }
if (revoke) {
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
- ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository();
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository();
ICertRecord record = null;
try {
record = repository.readCertificateRecord(revokeSerial);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: Exception: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: Exception: " + ee.toString());
}
if (record == null) {
@@ -888,10 +887,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -901,10 +900,10 @@ public class CMCOutputTemplate {
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ success_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -928,7 +927,7 @@ public class CMCOutputTemplate {
RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
revCertImpls[0] = revCertImpl;
- IRequestQueue queue = ca.getRequestQueue();
+ IRequestQueue queue = ca.getRequestQueue();
IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REVOKED_REASON,
@@ -941,17 +940,17 @@ public class CMCOutputTemplate {
RequestStatus stat = revReq.getRequestStatus();
if (stat == RequestStatus.COMPLETE) {
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
- CMS.debug("CMCOutputTemplate: revReq result = "+result);
+ CMS.debug("CMCOutputTemplate: revReq result = " + result);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug("CMCOutputTemplate: revReq exception: " +
revReq.getExtDataInString(IRequest.ERROR));
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -960,36 +959,36 @@ public class CMCOutputTemplate {
ILogger logger = CMS.getLogger();
String initiative = AuditFormat.FROMUSER;
logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT, new Object[] {
- revReq.getRequestId(), initiative, "completed",
- impl.getSubjectDN(),
- impl.getSerialNumber().toString(16),
- reason.toString()});
+ AuditFormat.DOREVOKEFORMAT, new Object[] {
+ revReq.getRequestId(), initiative, "completed",
+ impl.getSubjectDN(),
+ impl.getSerialNumber().toString(16),
+ reason.toString() });
CMS.debug("CMCOutputTemplate: Certificate get revoked.");
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ success_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
} else {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
}
}
- return bpid;
+ return bpid;
}
private RevocationReason toRevocationReason(ENUMERATED n) {
@@ -998,7 +997,7 @@ public class CMCOutputTemplate {
return RevocationReason.UNSPECIFIED;
else if (code == RevRequest.affiliationChanged.getValue())
return RevocationReason.AFFILIATION_CHANGED;
- else if (code == RevRequest.cACompromise.getValue())
+ else if (code == RevRequest.cACompromise.getValue())
return RevocationReason.CA_COMPROMISE;
else if (code == RevRequest.certificateHold.getValue())
return RevocationReason.CERTIFICATE_HOLD;
@@ -1022,33 +1021,33 @@ public class CMCOutputTemplate {
EncapsulatedContentInfo ci = msgData.getContentInfo();
OCTET_STRING content = ci.getContent();
ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
- TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s);
+ TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s);
SET values = tattr.getValues();
RevRequest revRequest = null;
if (values != null && values.size() > 0)
revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(values.elementAt(0))));
+ (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+ ASN1Util.encode(values.elementAt(0))));
SET dias = msgData.getDigestAlgorithmIdentifiers();
int numDig = dias.size();
Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
- for (int i=0; i<numDig; i++) {
+ for (int i = 0; i < numDig; i++) {
AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dias.elementAt(i);
+ (AlgorithmIdentifier) dias.elementAt(i);
String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
digs.put(name, digest);
}
SET sis = msgData.getSignerInfos();
- int numSis = sis.size();
- for (int i=0; i<numSis; i++) {
+ int numSis = sis.size();
+ for (int i = 0; i < numSis; i++) {
org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i);
+ (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = digs.get(name);
if (digest == null) {
@@ -1060,21 +1059,21 @@ public class CMCOutputTemplate {
SignerIdentifier sid = si.getSignerIdentifier();
if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
- sid.getIssuerAndSerialNumber();
+ sid.getIssuerAndSerialNumber();
java.security.cert.X509Certificate cert = null;
if (msgData.hasCertificates()) {
SET certs = msgData.getCertificates();
int numCerts = certs.size();
- for (int j=0; j<numCerts; j++) {
+ for (int j = 0; j < numCerts; j++) {
org.mozilla.jss.pkix.cert.Certificate certJss =
- (Certificate) certs.elementAt(j);
- org.mozilla.jss.pkix.cert.CertificateInfo certI =
- certJss.getInfo();
+ (Certificate) certs.elementAt(j);
+ org.mozilla.jss.pkix.cert.CertificateInfo certI =
+ certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) &&
- sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
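Review bot: The signer certificate is matched with `new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))`, which decodes two DER encodings with the platform charset and then ignores case. Bytes that are invalid in that charset collapse to the same replacement character, and case folding makes different encodings compare equal, so a certificate with a different issuer can be accepted as the signer's. Compare the encodings as bytes: `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. verifyRevRequestSignature starts before this hunk and continues after it.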
@@ -1082,23 +1081,23 @@ public class CMCOutputTemplate {
}
}
}
-
+
if (cert != null) {
PublicKey pbKey = cert.getPublicKey();
- String type = ((X509Key)pbKey).getAlgorithm();
+ String type = ((X509Key) pbKey).getAlgorithm();
PrivateKey.Type kType = PrivateKey.RSA;
if (type.equals("DSA"))
kType = PrivateKey.DSA;
- PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());
si.verify(digest, ci.getContentType(), pubK);
return true;
}
- }
- }
-
+ }
+ }
+
return false;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString());
return false;
}
}
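Review bot: In the `if (cert != null)` branch the key passed to `si.verify(...)` comes from a certificate carried in the message itself, and nothing visible in this hunk checks that certificate's chain, validity period or revocation status before `return true`. Unless code outside the hunk or the caller does that validation, a good signature here only shows that the sender holds the key for whichever certificate was attached. A comment naming where the signer certificate is validated, such as `// cert comes from the request; trust and revocation are checked in <validating method>`, would make the contract explicit. Separately, `kType` treats every algorithm other than "DSA" as RSA, so other key types fall into the `catch` and are reported as a failed verification.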
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
index 7f89297c..4d7c4cdd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
-
/**
* CMSFile represents a file from the filesystem cached in memory
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSFile {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
index bf4c3cf6..9a91cb72 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -26,10 +25,9 @@ import java.util.Hashtable;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* CMSFileLoader - file cache.
- *
+ *
* @version $Revision$, $Date$
*/
@@ -52,7 +50,7 @@ public class CMSFileLoader {
private int mMaxSize = MAX_SIZE;
// number of files to clear when max is reached.
- private int mClearSize = CLEAR_SIZE;
+ private int mClearSize = CLEAR_SIZE;
// whether to cache templates and forms only.
private boolean mCacheTemplatesOnly = true;
@@ -63,7 +61,7 @@ public class CMSFileLoader {
public void init(IConfigStore config) throws EBaseException {
mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
- mCacheTemplatesOnly =
+ mCacheTemplatesOnly =
config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
}
@@ -103,7 +101,7 @@ public class CMSFileLoader {
if (cmsFile == null || modified != lastModified) {
// Changed by bskim
//cmsFile = updateFile(absPath, file);
- cmsFile = updateFile(absPath, file, enc);
+ cmsFile = updateFile(absPath, file, enc);
// Change end
}
cmsFile.setLastAccess(System.currentTimeMillis());
@@ -112,9 +110,9 @@ public class CMSFileLoader {
// Changed by bskim
//private CMSFile updateFile(String absPath, File file)
- private CMSFile updateFile(String absPath, File file, String enc)
- // Change end
- throws EBaseException, IOException {
+ private CMSFile updateFile(String absPath, File file, String enc)
+ // Change end
+ throws EBaseException, IOException {
// clear if cache size exceeded.
if (mLoadedFiles.size() >= mMaxSize) {
clearSomeFiles();
@@ -131,18 +129,18 @@ public class CMSFileLoader {
} else {
cmsFile = new CMSFile(file);
}
- mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
+ mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
return cmsFile;
}
private synchronized void clearSomeFiles() {
// recheck this in case some other thread has cleared it.
- if (mLoadedFiles.size() < mMaxSize)
+ if (mLoadedFiles.size() < mMaxSize)
return;
- // remove the LRU files.
- // XXX could be optimized more.
+ // remove the LRU files.
+ // XXX could be optimized more.
Enumeration elements = mLoadedFiles.elements();
for (int i = mClearSize; i > 0; i--) {
@@ -160,4 +158,3 @@ public class CMSFileLoader {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
index a76b1c75..7ae242ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for cms gateway.
* <P>
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
index b5c6e3c7..74d46bad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
@@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This class is to hold some general method for servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSGateway {
@@ -52,8 +50,8 @@ public class CMSGateway {
private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
private final static String PROP_SERVER_XML = "server.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
protected static CMSFileLoader mFileLoader = new CMSFileLoader();
@@ -68,11 +66,11 @@ public class CMSGateway {
mEnableFileServing = true;
mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
try {
- mEnableAdminEnroll =
+ mEnableAdminEnroll =
mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
} catch (EBaseException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
}
}
@@ -88,7 +86,7 @@ public class CMSGateway {
httpReqHash.put(name, req.getParameter(name));
}
-
+
String ip = req.getRemoteAddr();
if (ip != null)
httpReqHash.put("clientHost", ip);
@@ -99,8 +97,8 @@ public class CMSGateway {
return mEnableAdminEnroll;
}
- public static void setEnableAdminEnroll(boolean enableAdminEnroll)
- throws EBaseException {
+ public static void setEnableAdminEnroll(boolean enableAdminEnroll)
+ throws EBaseException {
IConfigStore mainConfig = CMS.getConfigStore();
//!!! Is it thread safe? xxxx
@@ -123,14 +121,14 @@ public class CMSGateway {
* manager.
*/
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
if (authMgr == null)
- return null;
+ return null;
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
-
+
if (clientCert instanceof java.security.cert.X509Certificate) {
try {
clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
@@ -144,8 +142,8 @@ public class CMSGateway {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -163,9 +161,9 @@ public class CMSGateway {
protected final static String AUTHMGR_PARAM = "authenticator";
public static AuthToken checkAuthManager(
- HttpServletRequest httpReq, IArgBlock httpParams,
- X509Certificate cert, String authMgrName)
- throws EBaseException {
+ HttpServletRequest httpReq, IArgBlock httpParams,
+ X509Certificate cert, String authMgrName)
+ throws EBaseException {
IArgBlock httpArgs = httpParams;
if (httpArgs == null)
@@ -181,43 +179,43 @@ public class CMSGateway {
}
if (authMgrName == null || authMgrName.length() == 0) {
- throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
+ throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
}
-
- IAuthManager authMgr =
- authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+
+ IAuthManager authMgr =
+ authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
authMgr = authSub.getAuthManager(authMgrName);
if (authMgr == null)
return null;
- IAuthCredentials creds =
- getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
+ IAuthCredentials creds =
+ getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
AuthToken authToken = null;
try {
- authToken = (AuthToken) authMgr.authenticate(creds);
+ authToken = (AuthToken) authMgr.authenticate(creds);
} catch (EBaseException e) {
throw e;
} catch (Exception e) {
CMS.debug("CMSGateway: " + e);
// catch all errors from authentication manager.
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
e.toString(), e.getMessage()));
}
return authToken;
}
public static void renderTemplate(
- String templateName,
- HttpServletRequest req,
- HttpServletResponse resp,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader)
- throws EBaseException, IOException {
- CMSTemplate template =
- getTemplate(templateName, req,
- servletConfig, fileLoader, new Locale[1]);
+ String templateName,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ ServletConfig servletConfig,
+ CMSFileLoader fileLoader)
+ throws EBaseException, IOException {
+ CMSTemplate template =
+ getTemplate(templateName, req,
+ servletConfig, fileLoader, new Locale[1]);
ServletOutputStream out = resp.getOutputStream();
template.renderOutput(out, new CMSTemplateParams(null, null));
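Review bot: In `checkAuthManager` the result of `authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)` is overwritten on the next line by `authSub.getAuthManager(authMgrName)`, so the first lookup is dead code and suggests a default that is never applied; it can be reduced to `IAuthManager authMgr = authSub.getAuthManager(authMgrName);`. An unknown manager name then ends in `return null` rather than an exception, so the Javadoc should state that a null `AuthToken` means "not authenticated" and callers must treat it as a failure. The start of `checkAuthManager` and the end of `renderTemplate` are outside this hunk.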
@@ -240,8 +238,8 @@ public class CMSGateway {
* @param locale array of at least one to be filled with locale found.
*/
public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ HttpServletRequest req, File realpathFile, Locale[] locale)
+ throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -258,7 +256,7 @@ public class CMSGateway {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -287,8 +285,8 @@ public class CMSGateway {
}
String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ parent + File.separatorChar +
+ lang + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
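Review bot: `langfilepath` is built by concatenating `lang` into a filesystem path, and an earlier hunk of this method reads `acceptLang` from the `accept-language` request header; the code that derives `lang` lies between the visible hunks, so whether it is validated cannot be confirmed here. If `lang` can carry header text, it should be restricted to a language-tag pattern (letters, digits, `-`, `_`) before use. As a second line of defence, compare `file.getCanonicalPath()` with the canonical form of `parent` before the `file.exists()` test and fall back to `realpathFile` when the result is not underneath it.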
@@ -311,54 +309,54 @@ public class CMSGateway {
}
/**
- * get a template
+ * get a template
*/
protected static CMSTemplate getTemplate(
- String templateName,
- HttpServletRequest httpReq,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader,
- Locale[] locale)
- throws EBaseException, IOException {
+ String templateName,
+ HttpServletRequest httpReq,
+ ServletConfig servletConfig,
+ CMSFileLoader fileLoader,
+ Locale[] locale)
+ throws EBaseException, IOException {
// this converts to system dependent file seperator char.
if (servletConfig == null) {
- CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" );
+ CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
return null;
}
if (servletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- servletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath =
+ servletConfig.getServletContext().getRealPath("/" + templateName);
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
- CMSTemplate template =
- //(CMSTemplate)fileLoader.getCMSFile(templateFile);
- (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
+ File templateFile =
+ getLangFile(httpReq, realpathFile, locale);
+ CMSTemplate template =
+ //(CMSTemplate)fileLoader.getCMSFile(templateFile);
+ (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
return template;
}
/**
* Get the If-Modified-Since header and compare it to the millisecond
- * epoch value passed in. If there is no header, or there is a problem
- * parsing the value, or if the file has been modified this will return
+ * epoch value passed in. If there is no header, or there is a problem
+ * parsing the value, or if the file has been modified this will return
* true, indicating the file has changed.
- *
+ *
* @param lastModified The time value in milliseconds past the epoch to
- * compare the If-Modified-Since header to.
+ * compare the If-Modified-Since header to.
*/
public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
long ifModSinceStr;
try {
ifModSinceStr = req.getDateHeader("If-Modified-Since");
- }catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException e) {
return true;
}
-
+
if (ifModSinceStr < 0) {
return true;
}
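Review bot: In `getTemplate` the checks `if (servletConfig.getServletContext() == null) {}` and `if (templateName == null) {}` have empty bodies, so both null cases fall through to `getRealPath("/" + templateName)`; a null context throws there and a null name resolves the path "/null". `getRealPath` may itself return null, which makes `new File(realpath)` throw as well. Each case should fail the way the `servletConfig == null` case above does, e.g. `if (templateName == null) { CMS.debug("CMSGateway:getTemplate() - templateName is null!"); return null; }`, with the same pattern for the context and for `realpath`. `modifiedSince` at the end of the hunk continues outside it.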
@@ -371,4 +369,3 @@ public class CMSGateway {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
index ca5abf03..62276df1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
@@ -17,12 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
-
-
/**
- * handy class containing cms templates to load & fill.
- *
+ * handy class containing cms templates to load & fill.
+ *
* @version $Revision$, $Date$
*/
public class CMSLoadTemplate {
@@ -35,9 +32,9 @@ public class CMSLoadTemplate {
}
public CMSLoadTemplate(
- String propName, String fillerPropName,
- String templateName, ICMSTemplateFiller filler) {
-
+ String propName, String fillerPropName,
+ String templateName, ICMSTemplateFiller filler) {
+
mPropName = propName;
mFillerPropName = fillerPropName;
mTemplateName = templateName;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
index 27f1d3a5..822d8a0d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Hashtable;
import java.util.Vector;
@@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* This represents a user request.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSRequest {
@@ -72,7 +71,7 @@ public class CMSRequest {
private IRequest mRequest = null;
// whether request processed successfully
- private Integer mStatus = SUCCESS;
+ private Integer mStatus = SUCCESS;
// exception message containing error that occured.
// note exception could also be thrown seperately.
@@ -85,7 +84,7 @@ public class CMSRequest {
Object mResult = null;
Hashtable mResults = new Hashtable();
- /**
+ /**
* Constructor
*/
public CMSRequest() {
@@ -133,7 +132,7 @@ public class CMSRequest {
mServletConfig = servletConfig;
}
- /*
+ /*
* set the servlet context. the servletcontext has detail
* about the currently running request
*/
@@ -141,20 +140,21 @@ public class CMSRequest {
mServletContext = servletContext;
}
- /**
- * Set request status.
- * @param status request status. Allowed values are
- * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
+ /**
+ * Set request status.
+ *
+ * @param status request status. Allowed values are
+ * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
* @throws IllegalArgumentException if status is not one of the above values
*/
public void setStatus(Integer status) {
- if ( !status.equals( UNAUTHORIZED ) &&
- !status.equals( SUCCESS ) &&
- !status.equals( REJECTED ) &&
- !status.equals( PENDING ) &&
- !status.equals( ERROR ) &&
- !status.equals( SVC_PENDING ) &&
- !status.equals( EXCEPTION ) ) {
+ if (!status.equals(UNAUTHORIZED) &&
+ !status.equals(SUCCESS) &&
+ !status.equals(REJECTED) &&
+ !status.equals(PENDING) &&
+ !status.equals(ERROR) &&
+ !status.equals(SVC_PENDING) &&
+ !status.equals(EXCEPTION)) {
throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
}
mStatus = status;
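Review bot: The Javadoc on `setStatus` lists six allowed values, but the check below it also accepts `EXCEPTION`, so the `@param` text should read `UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING, EXCEPTION`. A null `status` fails with NullPointerException at the first `status.equals(...)` instead of the documented IllegalArgumentException; either document that or add `if (status == null) throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));` ahead of the comparison chain.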
@@ -169,9 +169,9 @@ public class CMSRequest {
}
public void setErrorDescription(String descr) {
- if (mErrorDescr == null)
+ if (mErrorDescr == null)
mErrorDescr = new Vector();
- mErrorDescr.addElement(descr);
+ mErrorDescr.addElement(descr);
}
public void setResult(Object result) {
@@ -259,13 +259,13 @@ public class CMSRequest {
return null;
}
- /**
- * set default CMS status according to IRequest status.
+ /**
+ * set default CMS status according to IRequest status.
*/
public void setIRequestStatus() throws EBaseException {
if (mRequest == null) {
- EBaseException e =
- new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
+ EBaseException e =
+ new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
throw e;
}
@@ -292,8 +292,8 @@ public class CMSRequest {
RequestId reqId = mRequest.getRequestId();
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
- status.toString(), reqId.toString()));
+ CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
+ status.toString(), reqId.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index b90278fa..4625fb79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -39,14 +38,13 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * File templates. This implementation will take
+ * File templates. This implementation will take
* an HTML file with a special customer tag
* &lt;CMS_TEMPLATE&gt; and replace the tag with
* a series of javascript variable definitions
* (depending on the servlet)
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplate extends CMSFile {
@@ -68,7 +66,7 @@ public class CMSTemplate extends CMSFile {
public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
/* Character set for i18n */
-
+
/* Will be set by CMSServlet.getTemplate() */
private String mCharset = null;
@@ -78,9 +76,10 @@ public class CMSTemplate extends CMSFile {
/**
* Constructor
+ *
* @param file template file to load
* @param charset character set
- * @throws IOException if the there was an error opening the file
+ * @throws IOException if the there was an error opening the file
*/
public CMSTemplate(File file, String charset) throws IOException, EBaseException {
mCharset = charset;
@@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile {
try {
init(file);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
}
@@ -137,8 +136,8 @@ public class CMSTemplate extends CMSFile {
log(ILogger.LL_FAILURE, CMS.getLogMessage(
"CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
- TEMPLATE_TAG, mAbsPath));
+ CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
+ TEMPLATE_TAG, mAbsPath));
}
mPreOutput = content.substring(0, location);
mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
@@ -146,16 +145,17 @@ public class CMSTemplate extends CMSFile {
return true;
}
- /**
- * Write a javascript representation of 'input'
+ /**
+ * Write a javascript representation of 'input'
* surrounded by SCRIPT tags to the outputstream
+ *
* @param rout the outputstream to write to
* @param input the parameters to write
*/
public void renderOutput(OutputStream rout, CMSTemplateParams input)
- throws IOException {
+ throws IOException {
Enumeration<String> e = null;
- Enumeration<IArgBlock> q = null;
+ Enumeration<IArgBlock> q = null;
IArgBlock r = null;
boolean headerBlock = false, fixedBlock = false, queryBlock = false;
CMSTemplateParams data = (CMSTemplateParams) input;
@@ -165,7 +165,7 @@ public class CMSTemplate extends CMSFile {
http_out = new HTTPOutputStreamWriter(rout);
else
http_out = new HTTPOutputStreamWriter(rout, mCharset);
-
+
try {
templateLine out = new templateLine();
@@ -194,7 +194,7 @@ public class CMSTemplate extends CMSFile {
e = r.elements();
while (e.hasMoreElements()) {
headerBlock = true;
- String n = e.nextElement();
+ String n = e.nextElement();
Object v = r.getValue(n);
out.println("header." + n + " = " + renderValue(v) + ";");
@@ -228,7 +228,7 @@ public class CMSTemplate extends CMSFile {
out.println("record.SERVER_ATTRS = new Array;");
// Get a query record
- r = q.nextElement();
+ r = q.nextElement();
e = r.elements();
while (e.hasMoreElements()) {
String n = e.nextElement();
@@ -259,7 +259,7 @@ public class CMSTemplate extends CMSFile {
/**
* Ouput the pre-amble HTML Header including
* the pre-output buffer.
- *
+ *
* @param out output stream specified
* @return success or error
*/
@@ -281,7 +281,7 @@ public class CMSTemplate extends CMSFile {
/**
* Output the post HTML tags and post-output
* buffer.
- *
+ *
* @param out output stream specified
* @return success or error
*/
@@ -313,7 +313,8 @@ public class CMSTemplate extends CMSFile {
/* create input stream, can throw IOException */
FileInputStream inStream = new FileInputStream(template);
- InputStreamReader inReader = new InputStreamReader(inStream, mCharset);;
+ InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
+ ;
BufferedReader in = new BufferedReader(inReader);
StringBuffer buf = new StringBuffer();
String line;
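Review bot: The reformatting turned the doubled `;;` after `new InputStreamReader(inStream, mCharset)` into a lone `;` on its own line; that is an empty statement and should be deleted. On the same lines, `inStream` is opened before the reader is constructed, and the two-argument `InputStreamReader` constructor throws when the charset name is not supported, in which case nothing visible here closes `inStream`. The `close()` calls in the next hunk appear to run only after a successful read, so moving them into a `finally` block (or try-with-resources, if the build's language level allows it) would cover the failure path. The method starts and ends outside this hunk.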
@@ -326,8 +327,8 @@ public class CMSTemplate extends CMSFile {
in.close();
inStream.close();
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
}
return buf.toString();
}
@@ -354,8 +355,8 @@ public class CMSTemplate extends CMSFile {
}
} else if (v instanceof BigInteger) {
s = ((BigInteger) v).toString(10);
- } else if (v instanceof Character &&
- ((Character) v).equals(Character.valueOf((char) 0))) {
+ } else if (v instanceof Character &&
+ ((Character) v).equals(Character.valueOf((char) 0))) {
s = "null";
} else {
s = "\"" + v.toString() + "\"";
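Review bot: The final `else` branch writes `"\"" + v.toString() + "\""` into the generated script without escaping, so a value whose `toString()` contains a quote, backslash, line break or `<`/`>` can end the string literal or the surrounding SCRIPT block early. How the earlier branches treat `String` values is outside this hunk, but the fallback should apply the same encoder the class already provides: `s = "\"" + escapeJavaScriptString(v.toString()) + "\"";`. A short comment on the method saying that every branch must yield a valid JavaScript literal would help keep future branches consistent.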
@@ -381,25 +382,25 @@ public class CMSTemplate extends CMSFile {
for (int i = 0; i < l; i++) {
char c = in[i];
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
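Review bot: The inner test `in[i + 1] == 'x'` can never be true, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` or `\` after the backslash; the branch meant to pass an existing `\x3c`/`\x3e` through unchanged is therefore dead, and such input is handled by code below this hunk. The same construct is repeated in `escapeJavaScriptStringHTML` in the later hunk. If the passthrough is intended, add `|| in[i + 1] == 'x'` to the outer list and make the inner branch reject an `x` that is not followed by `3c` or `3e`; otherwise remove the inner branch. Because this function is the output encoder for template data, a unit test over backslash sequences would pin down the intended behaviour; the loop body continues outside the hunk.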
@@ -457,9 +458,9 @@ public class CMSTemplate extends CMSFile {
return new String(out, 0, j);
}
- /**
- * Like escapeJavaScriptString(String s) but also escape '[' for
- * HTML processing.
+ /**
+ * Like escapeJavaScriptString(String s) but also escape '[' for
+ * HTML processing.
*/
public static String escapeJavaScriptStringHTML(String v) {
int l = v.length();
@@ -477,20 +478,20 @@ public class CMSTemplate extends CMSFile {
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -551,25 +552,24 @@ public class CMSTemplate extends CMSFile {
* for debugging, return contents that would've been outputed.
*/
public String getOutput(CMSTemplateParams input)
- throws IOException {
+ throws IOException {
debugOutputStream out = new debugOutputStream();
renderOutput(out, input);
return out.toString();
}
- private
- class HTTPOutputStreamWriter extends OutputStreamWriter {
+ private class HTTPOutputStreamWriter extends OutputStreamWriter {
public HTTPOutputStreamWriter(OutputStream out)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out);
}
-
+
public HTTPOutputStreamWriter(OutputStream out, String enc)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out, enc);
}
-
+
public void print(String s) throws IOException {
write(s, 0, s.length());
flush();
@@ -577,9 +577,9 @@ public class CMSTemplate extends CMSFile {
}
}
-
private class templateLine {
private StringBuffer s = new StringBuffer();
+
void println(String p) {
s.append('\n');
s.append(p);
@@ -595,7 +595,6 @@ public class CMSTemplate extends CMSFile {
}
-
private static class debugOutputStream extends ServletOutputStream {
private StringWriter mStringWriter = new StringWriter();
@@ -604,7 +603,7 @@ public class CMSTemplate extends CMSFile {
}
public void write(int b) throws IOException {
- mStringWriter.write(b);
+ mStringWriter.write(b);
}
public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
index 4f8cfc2a..ce2c26c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
@@ -17,16 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Vector;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Holds template parameters
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplateParams {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
index 0cd1102d..e8b848f7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import com.netscape.certsrv.base.EBaseException;
-
/**
* A class represents a CMS gateway exception.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ECMSGWException extends EBaseException {
@@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException {
/**
* CA resource class name.
*/
- private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
+ private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
/**
* Constructs a CMS Gateway exception.
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
index 6debd2c7..1c7d61c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * Default error template filler
- *
+ * Default error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenErrorTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq the CMS Request.
* @param authority the authority
* @param locale the locale of template.
* @param e unexpected error. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -53,14 +52,14 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " +
+ "cmsReq is null!");
return null;
}
-
+
// error
String ex = cmsReq.getError();
@@ -75,9 +74,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.ERROR, ex);
else if (cmsReq.getReason() != null)
fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
- // Change end
-
- // error description if any.
+ // Change end
+
+ // error description if any.
Vector descr = cmsReq.getErrorDescr();
if (descr != null) {
@@ -88,17 +87,16 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
//System.out.println("Setting description "+elem.toString());
IArgBlock argBlock = CMS.createArgBlock();
- argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
- elem);
+ argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
+ elem);
params.addRepeatRecord(argBlock);
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
index 15456865..1d479fef 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
-
/**
- * default Pending template filler
- *
+ * default Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenPendingTemplateFiller implements ICMSTemplateFiller {
@@ -72,25 +70,26 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
- if( cmsReq == null ) {
+ if (cmsReq == null) {
return null;
}
// request status if any.
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
// request id
@@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
PendInfo pendInfo = new PendInfo(reqId.toString(), new
Date());
OtherInfo otherInfo = new
- OtherInfo(OtherInfo.PEND, null, pendInfo);
+ OtherInfo(OtherInfo.PEND, null, pendInfo);
SEQUENCE bpids = new SEQUENCE();
String[] reqIdArray =
- req.getExtDataInStringArray(IRequest.CMC_REQIDS);
+ req.getExtDataInStringArray(IRequest.CMC_REQIDS);
for (int i = 0; i < reqIdArray.length; i++) {
bpids.addElement(new INTEGER(reqIdArray[i]));
}
CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
- (String) null, otherInfo);
+ CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
+ (String) null, otherInfo);
TaggedAttribute ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
@@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
// create recipientNonce
// create responseInfo if regInfo exist
String[] transIds =
- req.getExtDataInStringArray(IRequest.CMC_TRANSID);
+ req.getExtDataInStringArray(IRequest.CMC_TRANSID);
SET ids = new SET();
for (int i = 0; i < transIds.length; i++) {
@@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
ta = new TaggedAttribute(new
INTEGER(bpid++),
@@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
SEQUENCE(), new
SEQUENCE());
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
- rb);
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ rb);
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (authority instanceof ICertificateAuthority) {
x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
- }else if (authority instanceof IRegistrationAuthority) {
+ } else if (authority instanceof IRegistrationAuthority) {
x509cert = ((IRegistrationAuthority) authority).getRACert();
}
if (x509cert == null)
@@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
try {
X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+ ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
Name issuer = (Name) Name.getTemplate().decode(issuer1);
IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+ IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
@@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
- if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+ if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
} else {
- CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - "
+ CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
+ "keyType " + keyType.toString()
- + " is unsupported!" );
+ + " is unsupported!");
return null;
}
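Review bot: Both branches of the key-type check select a SHA-1 based signature (`RSASignatureWithSHA1Digest`, `DSASignatureWithSHA1Digest`), and the next hunk hard-codes `MessageDigest.getInstance("SHA1")` with `DigestAlgorithm.SHA1`. Every signed pending response therefore depends on a digest that is no longer considered collision-resistant. For RSA keys I would switch to `signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest;` together with `MessageDigest.getInstance("SHA-256")` and `DigestAlgorithm.SHA256`, ideally taken from the authority's configured signing algorithm rather than a literal. The enclosing `getTemplateParams` body starts and ends outside this hunk.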
@@ -224,7 +223,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
rb.encode((OutputStream) ostream);
@@ -234,31 +233,31 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg,
+ privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier(digestAlg.toOID(),
+ null);
digestAlgs.addElement(ai);
}
-
+
SignedData fResponse = new
- SignedData(digestAlgs, ci,
- null, null, signInfos);
+ SignedData(digestAlgs, ci,
+ null, null, signInfos);
ContentInfo fullResponse = new
- ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
+ ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
fullResponse.encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
@@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
@@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
index 798b7f0d..3dde1147 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
@@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -54,11 +52,11 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " +
+ "cmsReq is null!");
return null;
}
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
while (msgs.hasMoreElements()) {
String ex = (String) msgs.nextElement();
- IArgBlock messageArgBlock = CMS.createArgBlock();
+ IArgBlock messageArgBlock = CMS.createArgBlock();
messageArgBlock.set(POLICY_MESSAGE, ex);
params.addRepeatRecord(messageArgBlock);
@@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
index ff3d4f8c..f6de3841 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Success template filler
- *
+ * default Success template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
index d08b83a8..ec1b9777 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
index befacf83..cab1b36e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Unauthorized template filler
- *
+ * default Unauthorized template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
// set unauthorized error
- fixed.set(ICMSTemplateFiller.ERROR,
- new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
+ fixed.set(ICMSTemplateFiller.ERROR,
+ new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
index 1ae6ee45..8b560d7b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default unexpected error template filler
- *
+ * default unexpected error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
@@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
+
// When an exception occurs the exit is non-local which probably
// will leave the requestStatus value set to something other
// than CMSRequest.EXCEPTION, so force the requestStatus to
// EXCEPTION since it must be that if we're here.
Integer sts = CMSRequest.EXCEPTION;
- if (cmsReq != null) cmsReq.setStatus(sts);
+ if (cmsReq != null)
+ cmsReq.setStatus(sts);
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
// the unexpected error (exception)
- if (e == null)
+ if (e == null)
e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
String errMsg = null;
- if (e instanceof EBaseException)
+ if (e instanceof EBaseException)
errMsg = ((EBaseException) e).toString(locale);
- else
+ else
errMsg = e.toString();
fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
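Review bot: The Javadoc still reads `@param e unexpected exception e. ignored.`, but `e` is not ignored: its string form is stored under `ICMSTemplateFiller.EXCEPTION`. For types other than `EBaseException` that is `e.toString()`, which hands the exception class name and raw message to whatever renders the template. Whether the template escapes the value is not visible in this hunk. I would correct the tag to `@param e the unexpected exception; its message is placed in the template`. For foreign exception types I would put the generic `CMS.getLogMessage("BASE_UNKNOWN_ERROR")` text in the template and send `e.toString()` to `CMS.debug(...)`.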
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
index ddd6f0a1..2d046f0e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
@@ -17,15 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.authority.IAuthority;
-
/**
* This interface represents a template filler.
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICMSTemplateFiller {
@@ -34,18 +32,18 @@ public interface ICMSTemplateFiller {
public final static String ERROR_DESCR = "errorDescription";
public final static String EXCEPTION = "unexpectedError";
- public static final String HOST = "host";
- public static final String PORT = "port";
- public static final String SCHEME = "scheme";
+ public static final String HOST = "host";
+ public static final String PORT = "port";
+ public static final String SCHEME = "scheme";
- public static final String AUTHORITY = "authorityName";
+ public static final String AUTHORITY = "authorityName";
- public static final String REQUEST_STATUS = "requestStatus";
+ public static final String REQUEST_STATUS = "requestStatus";
- public static final String KEYREC_ID = "keyrecId";
- public static final String REQUEST_ID = "requestId";
+ public static final String KEYREC_ID = "keyrecId";
+ public static final String REQUEST_ID = "requestId";
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
- throws Exception;
+ CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
+ throws Exception;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
index 27ea5ec1..827f24f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
index ce1a5082..59c4a0fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.ISubsystem;
-
/**
* A class represents a certificate server kernel. This
* kernel contains a list of resident subsystems such
@@ -34,7 +32,7 @@ import com.netscape.certsrv.base.ISubsystem;
* subsystems can be loaded into this kernel by specifying
* parameters in the configuration store.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class IndexTemplateFiller implements ICMSTemplateFiller {
@@ -53,7 +51,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, ctx);
@@ -106,8 +104,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
// from the caller. This parameter (selected) is used
// by header servlet
try {
- header.addStringValue("selected",
- cmsReq.getHttpParams().getValueAsString("selected"));
+ header.addStringValue("selected",
+ cmsReq.getHttpParams().getValueAsString("selected"));
} catch (EBaseException ex) {
}
header.addIntegerValue(OUT_TOTAL_COUNT, count);
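Review bot: The `selected` HTTP parameter is copied into the header block unchanged, and the `EBaseException` catch around it is empty. The comment says the header servlet consumes this value, so it should be validated against the expected names or encoded at output; whether the template layer already escapes it cannot be seen from this hunk. The empty catch should at least state why ignoring the error is safe, e.g. `// 'selected' is optional; leave it unset when absent`, or report it through `CMS.debug(...)`. `getTemplateParams` begins outside the hunk.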
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
index fb31fec1..f936e075 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public class RawJS implements IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
index 580909cb..9c728c03 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
@@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* Utility class
- *
+ *
* @version $Revision$, $Date$
*/
public class Utils {
@@ -45,13 +43,13 @@ public class Utils {
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
- public static String initializeAuthz(ServletConfig sc,
- IAuthzSubsystem authz, String id) throws ServletException {
+ public static String initializeAuthz(ServletConfig sc,
+ IAuthzSubsystem authz, String id) throws ServletException {
String srcType = AUTHZ_SRC_LDAP;
try {
IConfigStore authzConfig =
- CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
+ CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
} catch (EBaseException e) {
@@ -64,7 +62,7 @@ public class Utils {
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
if (aclMethod != null &&
- aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
+ aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
String aclInfo = sc.getInitParameter(PROP_ACL);
if (aclInfo != null) {
@@ -95,7 +93,7 @@ public class Utils {
}
public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
- String aclInfo) throws EBaseException {
+ String aclInfo) throws EBaseException {
StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579..7defeeac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Clone servlet - part of the Clone Authority (CLA)
* processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
+ * service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet {
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
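Review bot: `len` comes straight from `req.getContentLength()` and the only visible check is `len > 0`. No upper bound appears before the body, which the comment describes as a base 64 encoded serialized request, is read. Judging by the hunk line numbers, the peer-certificate check happens further down in `service`, so the buffer size is effectively chosen by a caller who has not been authenticated yet. I would reject oversized requests first, for example `if (len > MAX_REQUEST_LEN) { resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE); return; }`, where `MAX_REQUEST_LEN` is a placeholder for a limit this class would have to define. It is also worth confirming that the serialized content is not decoded before authentication succeeds; the read itself is outside this hunk.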
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet {
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
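Review bot: The `IOException` branch calls `e.printStackTrace()` in addition to `mAuthority.log(...)`, while the `EBaseException` branch right below only logs. The stack trace goes to stderr, outside the authority log and its level filtering, so the two failure paths leave different evidence for the same kind of remote-request error. I would drop the `printStackTrace()` call, or replace it with `CMS.debug("CloneServlet: " + e.toString());` if the extra detail is wanted. The surrounding `service` method starts and ends outside this hunk.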
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet {
//cfu ++change this to just check the subject and signer
protected IAuthToken authenticate(
- X509Certificate peerCert)
- throws EBaseException {
+ X509Certificate peerCert)
+ throws EBaseException {
try {
// XXX using agent authentication now since we're only
// verifying that the cert belongs to a user in the db.
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet {
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] {cert}
- );
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] { cert }
+ );
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
}
}
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
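Review bot: In `authenticate`, the last catch (`EBaseException`) reports `CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE` at `ILogger.LL_FAILURE`, whereas the `CertificateException` and `EInvalidCredentials` branches log the same message at `ILogger.LL_SECURITY`. If monitoring filters on `LL_SECURITY`, failed clone-CA authentications that surface as a plain `EBaseException` would be missed. Unless the lower level is intentional, use `mAuthority.log(ILogger.LL_SECURITY, ...)` there as well. The `CertificateException` branch also places `e.toString()` in the `CMS_BASE_INTERNAL_ERROR` user message, which may be more detail than a remote peer needs. The hunk runs on into the start of `processRequest`, which is cut off here.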
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet {
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet {
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
- if
- (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+ if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 67956bd8..8d1c78cd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Connector servlet
* process requests from remote authority -
- * service request or return status.
- *
+ * service request or return status.
+ *
* @version $Revision$, $Date$
*/
public class ConnectorServlet extends CMSServlet {
@@ -96,13 +95,13 @@ public class ConnectorServlet extends CMSServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
- "unknown";
+ "unknown";
private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
@@ -118,13 +117,13 @@ public class ConnectorServlet extends CMSServlet {
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
@@ -167,10 +166,10 @@ public class ConnectorServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = request.getContentLength();
+ len = request.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -198,9 +197,9 @@ public class ConnectorServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -231,8 +230,8 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Remote Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Remote Authority authenticated: " + peerCert.getSubjectDN());
// authorize
AuthzToken authzToken = null;
@@ -270,15 +269,15 @@ public class ConnectorServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} catch (Exception e) {
@@ -328,8 +327,8 @@ public class ConnectorServlet extends CMSServlet {
try {
info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
- // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
- CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+ // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+ CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
if (certKey != null) {
byteStream = new ByteArrayOutputStream();
certKey.encode(byteStream);
@@ -369,13 +368,13 @@ public class ConnectorServlet extends CMSServlet {
certAlgOut.toByteArray());
}
} catch (Exception e) {
- CMS.debug("ConnectorServlet: profile normalization " +
- e.toString());
+ CMS.debug("ConnectorServlet: profile normalization " +
+ e.toString());
}
String profileId = request.getExtDataInString("profileId");
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ CMS.getSubsystem("profile");
IEnrollProfile profile = null;
// profile subsystem may not be available. In case of KRA for
@@ -399,24 +398,19 @@ public class ConnectorServlet extends CMSServlet {
/**
* Process request
* <P>
- *
- * (Certificate Request - all "agent" profile cert requests made through a
- * connector)
+ *
+ * (Certificate Request - all "agent" profile cert requests made through a connector)
* <P>
- *
- * (Certificate Request Processed - all automated "agent" profile based
- * cert acceptance made through a connector)
+ *
+ * (Certificate Request Processed - all automated "agent" profile based cert acceptance made through a connector)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
- * profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
- * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when
- * inter-CIMC_Boundary data transfer is successful (this is used when data
- * does not need to be captured)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is successful (this is used when data does not need to be captured)
* </ul>
+ *
* @param source string containing source
* @param sourceUserId string containing source user ID
* @param msg PKI message
@@ -425,8 +419,8 @@ public class ConnectorServlet extends CMSServlet {
* @return PKI message
*/
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = sourceUserId;
String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -477,12 +471,12 @@ public class ConnectorServlet extends CMSServlet {
if (thisreq == null) {
// strange case.
String errormsg = "Cannot find request in request queue " +
- thisreqid;
+ thisreqid;
mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_REQUEST_ID_NOT_FOUND_1",
- thisreqid.toString()));
+ CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1",
+ thisreqid.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -501,8 +495,8 @@ public class ConnectorServlet extends CMSServlet {
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
@@ -527,8 +521,8 @@ public class ConnectorServlet extends CMSServlet {
// if not found process request.
thisreq = queue.newRequest(msg.getReqType());
- CMS.debug("ConnectorServlet: created requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: created requestId=" +
+ thisreq.getRequestId().toString());
thisreq.setSourceId(srcid);
// NOTE: For the following signed audit message, since we only
@@ -537,23 +531,23 @@ public class ConnectorServlet extends CMSServlet {
// (which is the only exception designated by this method),
// then this code does NOT need to be contained within its
// own special try/catch block.
- msg.toRequest( thisreq );
+ msg.toRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
X509CertInfo info =
thisreq.getExtDataInCertInfo(
- IEnrollProfile.REQUEST_CERTINFO );
+ IEnrollProfile.REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = ( CertificateSubjectName )
- info.get( X509CertInfo.SUBJECT );
+ CertificateSubjectName sn = (CertificateSubjectName)
+ info.get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize"
// it
- if( sn != null ) {
+ if (sn != null) {
subject = sn.toString();
- if( subject != null ) {
+ if (subject != null) {
// NOTE: This is ok even if the cert subject
// name is "" (empty)!
auditCertificateSubjectName = subject.trim();
@@ -562,42 +556,42 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( CertificateException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (CertificateException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( IOException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (IOException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
+ audit(auditMessage);
}
}
@@ -606,9 +600,9 @@ public class ConnectorServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
- srcid);
+ srcid);
// Set this so that request's updateBy is recorded
SessionContext s = SessionContext.getContext();
@@ -622,52 +616,52 @@ public class ConnectorServlet extends CMSServlet {
}
CMS.debug("ConnectorServlet: calling processRequest instance=" +
- thisreq);
+ thisreq);
if (isProfileRequest(thisreq)) {
normalizeProfileRequest(thisreq);
}
try {
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
- } catch( EBaseException eAudit1 ) {
- if( isProfileRequest( thisreq ) ) {
+ } catch (EBaseException eAudit1) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
@@ -681,23 +675,23 @@ public class ConnectorServlet extends CMSServlet {
replymsg.fromRequest(thisreq);
CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
- replymsg.getReqStatus());
+ replymsg.getReqStatus());
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
if (isProfileRequest(thisreq)) {
// XXX audit log
- CMS.debug("ConnectorServlet: done requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: done requestId=" +
+ thisreq.getRequestId().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -724,32 +718,32 @@ public class ConnectorServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (x509Info != null) {
for (int i = 0; i < x509Info.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ x509Info[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- x509Info[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
@@ -761,40 +755,40 @@ public class ConnectorServlet extends CMSServlet {
x509Certs =
thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
+ // return potentially more than one certificates.
if (x509Certs != null) {
for (int i = 0; i < x509Certs.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ x509Certs[i].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ x509Certs[i].getSerialNumber().toString(16) }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- x509Certs[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- x509Certs[i].getSerialNumber().toString(16)}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
X509CertImpl[] certs =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
X509CertImpl old_cert = certs[0];
certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
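Review bot: In the renewal branch, `X509CertImpl old_cert = certs[0];` indexes the array returned by `getExtDataInCertArray(IRequest.OLD_CERTS)` without a null or length check, although the enrollment branch just above tests `x509Certs != null` before looping. A completed renewal request that lacks that attribute would throw here before any audit record is written, so the failure leaves no entry in this log. A guard such as `X509CertImpl old_cert = (certs != null && certs.length > 0) ? certs[0] : null;` lets the existing `old_cert != null && renewed_cert != null` test in the following hunk route to the "completed with error" record instead. The same unguarded indexing appears as `crlentries[0].getExtensions()` in the revocation branch of the next hunk. `processRequest` starts and ends outside this hunk.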
@@ -802,36 +796,36 @@ public class ConnectorServlet extends CMSServlet {
if (old_cert != null && renewed_cert != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16) }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed with error"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
Certificate[] oldCerts =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
RevokedCertImpl crlentries[] =
- thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
CRLExtensions crlExts = crlentries[0].getExtensions();
int reason = 0;
@@ -839,7 +833,7 @@ public class ConnectorServlet extends CMSServlet {
Enumeration<Extension> enum1 = crlExts.getElements();
while (enum1.hasMoreElements()) {
- Extension ext = enum1.nextElement();
+ Extension ext = enum1.nextElement();
if (ext instanceof CRLReasonExtension) {
reason = ((CRLReasonExtension) ext).getReason().toInt();
@@ -853,7 +847,7 @@ public class ConnectorServlet extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+ thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -866,18 +860,18 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -892,32 +886,32 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
}
@@ -1001,7 +995,7 @@ public class ConnectorServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
@@ -1011,11 +1005,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1027,20 +1021,20 @@ public class ConnectorServlet extends CMSServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is inherited by all extended "EnrollProfile"s,
* and is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1062,11 +1056,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request a Request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1122,4 +1116,3 @@ public class ConnectorServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3a..171aeb64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,13 +40,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
-
/**
* GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
+ * handles "server-side key pair generation" requests from the
+ * netkey RA.
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -68,7 +66,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
/**
* Constructs GenerateKeyPair servlet.
- *
+ *
*/
public GenerateKeyPairServlet() {
super();
@@ -82,17 +80,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/*
@@ -109,8 +107,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
* * recovery blob (used for recovery)
*/
private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
@@ -123,8 +120,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +133,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
missingParam = true;
}
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
missingParam = true;
}
if ((rArchive == null) || (rArchive.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
}
String selectedToken = null;
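Review bot: The fallback `rKeysize = "1024"; // default to 1024` chooses a key size whenever the caller sends none, and a caller-supplied `keysize` is otherwise taken from the request as-is; no range or allow-list check is visible in this hunk. If these are RSA keys, 1024 bits is below what current guidance accepts, so a larger default and a check against a configured set of permitted sizes would be the safer form. The value is forwarded under `IRequest.NETKEY_ATTR_KEY_SIZE` in the next hunk. Unlike the missing `archive` flag, the defaulting here is not logged, so a `CMS.debug` line stating that the default was applied would make it traceable. `processServerSideKeyGen` starts and ends outside this hunk.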
@@ -160,17 +157,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -184,40 +181,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
- if( thisreq == null ) {
- CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
/*
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
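Review bot: The line `CMS.debug("processServerSideKeyGen:outputString.encode " + value);` writes the whole response body to the debug log, and on the success path that body carries `wrapped_priv_key` and `iv_param`. Wrapped key material and its IV should not be copied into a log whose access controls and retention differ from the response channel; logging the outcome alone is enough, e.g. `CMS.debug("processServerSideKeyGen: status=" + status);`. Separately, `resp.setContentLength(value.length())` counts chars while `value.getBytes()` encodes with the platform charset, so encoding once with an explicit charset and using that array's length would keep the header and body consistent. The enclosing try block continues past the end of this hunk.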
@@ -227,7 +224,6 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
}
-
/*
* For GenerateKeyPair:
@@ -258,7 +254,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GenerateKeyPairServlet: " + e.toString());
}
@@ -277,28 +273,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember tocheck peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember tocheck peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6..dfceddd9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,12 +39,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* TokenKeyRecoveryServlet
- * handles "key recovery service" requests from the
+ * handles "key recovery service" requests from the
* netkey TPS
- *
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -65,7 +64,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
/**
* Constructs TokenKeyRecovery servlet.
- *
+ *
*/
public TokenKeyRecoveryServlet() {
super();
@@ -79,25 +78,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param s The URL to decode
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,7 +116,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
/*
* processTokenKeyRecovery
@@ -144,12 +143,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
* desKey-wrapped-userPrivateKey=value2
*/
private void processTokenKeyRecovery(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
-
- // IConfigStore sconfig = CMS.getConfigStore();
+
+ // IConfigStore sconfig = CMS.getConfigStore();
boolean missingParam = false;
String status = "0";
@@ -158,7 +156,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rCert = req.getParameter("cert");
+ String rCert = req.getParameter("cert");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -171,7 +169,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
missingParam = true;
}
@@ -192,18 +190,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
- //XXX auto process for netkey
- queue.processRequest( thisreq );
- // IService svc = (IService) new TokenKeyRecoveryService(kra);
- // svc.serviceRequest(thisreq);
+ //XXX auto process for netkey
+ queue.processRequest(thisreq);
+ // IService svc = (IService) new TokenKeyRecoveryService(kra);
+ // svc.serviceRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and drm thinks 1 is good
- if (result.intValue() == 1)
- status ="0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and drm thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -218,25 +216,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
String ivString = "";
- /* if is RECOVERY_PROTOTYPE
- String recoveryBlobString = "";
+ /* if is RECOVERY_PROTOTYPE
+ String recoveryBlobString = "";
- IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
- byte publicKey_b[] = kr.getPublicKeyData();
+ IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
+ byte publicKey_b[] = kr.getPublicKeyData();
- BigInteger serialNo = kr.getSerialNumber();
+ BigInteger serialNo = kr.getSerialNumber();
- String serialNumberString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
+ String serialNumberString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
- recoveryBlobString = (String)
- thisreq.get("recoveryBlob");
- */
+ recoveryBlobString = (String)
+ thisreq.get("recoveryBlob");
+ */
- if( thisreq == null ) {
- CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
@@ -247,8 +245,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -259,13 +257,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
sb.append("&iv_param=");
sb.append(ivString);
value = sb.toString();
-
+
}
- CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+ CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+ CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -275,7 +273,6 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
}
-
/*
* For TokenKeyRecovery
*
@@ -305,7 +302,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +312,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
}
@@ -324,28 +321,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
- processTokenKeyRecovery(req, resp);
- return;
+ CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+ processTokenKeyRecovery(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember to check peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember to check peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a2509287..8482e71b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.StringTokenizer;
@@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AdminAuthenticatePanel extends WizardPanelBase {
- public AdminAuthenticatePanel() {}
+ public AdminAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
setId(id);
@@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("AdminAuthenticatePanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("new")) {
return true;
}
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.master.admin.uid", "");
String type = config.getString("preop.subsystem.select", "");
if (type.equals("clone"))
- context.put("uid", s);
+ context.put("uid", s);
else
context.put("uid", "");
} catch (Exception e) {
@@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
+ CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
String uid = HttpInput.getUID(request, "uid");
if (uid == null) {
context.put("errorString", "Uid is empty");
@@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.master.hostname");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname for master");
throw new IOException("Missing hostname");
}
@@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
httpsport = config.getInteger("preop.master.httpsadminport");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port for master");
throw new IOException("Missing port");
}
@@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append("cloning.");
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+
+ if (s1.length() != 0)
s1.append(",");
-
+
s1.append(cstype);
s1.append(".");
s1.append(t1);
@@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
}
- String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+ String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString();
boolean success = updateConfigEntries(host, httpsport, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
- response);
+ "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config,
+ response);
try {
config.commit(false);
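Review bot: The form body on the `String content = "uid=" + uid + "&pwd=" + pwd + ...` line is built by plain concatenation, so a password containing `&`, `=`, `+` or `%` would be split or altered when the receiving side parses it, unless `HttpInput.getPassword` or `updateConfigEntries` already restricts or encodes it, which this hunk does not show. Encode the user-supplied values before joining them, `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")` (needs `java.net.URLEncoder`). The `content` string in the AdminPanel hunk that joins `cert_request` and `subjectDN` has the same shape. Because `names` also requests `internaldb.ldapauth.password` and `internaldb.replication.password`, a short comment stating that this call must only go to the master's HTTPS admin port would help the next reader; the `true` argument presumably selects TLS, which should be confirmed. The enclosing method starts and ends outside the hunk.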
@@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Admin Authentication");
context.put("password", "");
context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
}
private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+ CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb9485..871177a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
private final static String CERT_TAG = "admin";
- public AdminPanel() {}
+ public AdminPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Administrator");
}
@@ -101,14 +101,15 @@ public class AdminPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameter */
"Email address for an administrator");
@@ -152,7 +153,8 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (isPanelDone()) {
try {
@@ -161,11 +163,12 @@ public class AdminPanel extends WizardPanelBase {
context.put("admin_pwd", "");
context.put("admin_pwd_again", "");
context.put("admin_uid", cs.getString("preop.admin.uid"));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
String def_admin_name = "";
try {
- def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+ def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
} catch (EBaseException e) {
}
context.put("admin_name", def_admin_name);
@@ -176,7 +179,7 @@ public class AdminPanel extends WizardPanelBase {
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -186,13 +189,14 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
domainname = cs.getString("securitydomain.name", "");
- } catch (EBaseException e1) {}
+ } catch (EBaseException e1) {
+ }
context.put("securityDomain", domainname);
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
context.put("errorString", "");
context.put("info", info);
-
+
}
/**
@@ -200,8 +204,7 @@ public class AdminPanel extends WizardPanelBase {
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
String pwd = HttpInput.getPassword(request, "__pwd");
String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
String email = HttpInput.getEmail(request, "email");
@@ -256,13 +259,14 @@ public class AdminPanel extends WizardPanelBase {
try {
type = config.getString(PRE_CA_TYPE, "");
subsystemtype = config.getString("cs.type", "");
- security_domain_type = config.getString("securitydomain.select","");
+ security_domain_type = config.getString("securitydomain.select", "");
selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -287,12 +291,12 @@ public class AdminPanel extends WizardPanelBase {
}
// REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "AdminPanel update: "
+ if (ca != null) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("AdminPanel update: "
+ "Root CA subsystem");
} else {
- CMS.debug( "AdminPanel update: "
+ CMS.debug("AdminPanel update: "
+ "Subordinate CA subsystem");
}
@@ -310,9 +314,9 @@ public class AdminPanel extends WizardPanelBase {
int ca_port = -1;
// REMINDER: This panel is NOT used by "clones"
- CMS.debug( "AdminPanel update: "
+ CMS.debug("AdminPanel update: "
+ subsystemtype
- + " subsystem" );
+ + " subsystem");
if (type.equals("sdca")) {
try {
@@ -339,10 +343,11 @@ public class AdminPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("updateStatus", "success");
-
+
}
private void createAdmin(HttpServletRequest request) throws IOException {
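Review bot: The empty `catch (Exception e) { }` around `config.commit(false)` discards a failed write, and the next statement still runs `context.put("updateStatus", "success")`, so the wizard reports success even when the administrator settings were not persisted. At minimum record the failure, `CMS.debug("AdminPanel update: config commit failed: " + e.toString());`, and preferably set `errorString` and throw `IOException` as other failure paths in this file do. The same empty catch after `config.commit(false)` is in the AgentAuthenticatePanel update hunk, and empty catches around `cs.getString(...)` recur in the AdminPanel and AdminAuthenticatePanel hunks. The method containing the commit starts outside this hunk.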
@@ -459,13 +464,15 @@ public class AdminPanel extends WizardPanelBase {
try {
sd_hostname = config.getString("securitydomain.host", "");
sd_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String profileId = HttpInput.getID(request, "profileId");
if (profileId == null) {
try {
profileId = config.getString("preop.admincert.profile", "caAdminCert");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String cert_request_type = HttpInput.getID(request, "cert_request_type");
@@ -474,7 +481,7 @@ public class AdminPanel extends WizardPanelBase {
String session_id = CMS.getConfigSDSessionId();
String subjectDN = HttpInput.getString(request, "subject");
- String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+ String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
HttpClient httpclient = new HttpClient();
String c = null;
@@ -497,7 +504,7 @@ public class AdminPanel extends WizardPanelBase {
c = httpresponse.getContent();
CMS.debug("AdminPanel submitRequest: content=" + c);
-
+
// retrieve the request Id ad admin certificate
if (c != null) {
try {
@@ -508,9 +515,9 @@ public class AdminPanel extends WizardPanelBase {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "AdminPanel::submitRequest() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("AdminPanel::submitRequest() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -525,7 +532,7 @@ public class AdminPanel extends WizardPanelBase {
context.put("errorString", error);
throw new IOException(error);
}
-
+
IConfigStore cs = CMS.getConfigStore();
String id = parser.getValue("Id");
@@ -539,7 +546,7 @@ public class AdminPanel extends WizardPanelBase {
+ File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
+ PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
@@ -564,9 +571,9 @@ public class AdminPanel extends WizardPanelBase {
String cert_request_type = HttpInput.getID(request, "cert_request_type");
IConfigStore cs = CMS.getConfigStore();
- if( cs == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
- throw new IOException( "cs is null" );
+ if (cs == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+ throw new IOException("cs is null");
}
String subject = "";
@@ -582,10 +589,10 @@ public class AdminPanel extends WizardPanelBase {
"AdminPanel createAdminCertificate: Exception="
+ e.toString());
}
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
+ // this request is from IE. The VBScript has problem of generating
+ // certificate request if the subject name has E and UID components.
+ // For now, we always hardcoded the subject DN to be cn=NAME in
+ // the IE browser.
} else if (cert_request_type.equals("pkcs10")) {
try {
byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +601,33 @@ public class AdminPanel extends WizardPanelBase {
x509key = pkcs10.getSubjectPublicKeyInfo();
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
- if( x509key == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
- throw new IOException( "x509key is null" );
+ if (x509key == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+ throw new IOException("x509key is null");
}
try {
cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
+ PCERT_PREFIX, CERT_TAG, caType, context);
// update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+ CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject);
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
if (ca != null) {
createPKCS7(impl);
}
cs.putString("preop.admincert.serialno.0",
- impl.getSerialNumber().toString(16));
+ impl.getSerialNumber().toString(16));
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
@@ -640,8 +647,9 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
- } catch (Exception e) {}
- if (ca == null && type.equals("otherca")) {
+ } catch (Exception e) {
+ }
+ if (ca == null && type.equals("otherca")) {
info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
}
context.put("info", info);
@@ -655,7 +663,7 @@ public class AdminPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -665,11 +673,10 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
-
private void createPKCS7(X509CertImpl cert) {
try {
IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -681,7 +688,7 @@ public class AdminPanel extends WizardPanelBase {
userChain[0] = cert;
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
@@ -689,7 +696,7 @@ public class AdminPanel extends WizardPanelBase {
String p7Str = CMS.BtoA(p7Bytes);
cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
} catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+ CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7..6bda8749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AgentAuthenticatePanel extends WizardPanelBase {
- public AgentAuthenticatePanel() {}
+ public AgentAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
setId(id);
@@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("DisplayCertChainPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("securitydomain.select","");
+ String select = cs.getString("securitydomain.select", "");
if (select.equals("new")) {
return true;
}
@@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
return true;
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
}
/**
@@ -182,34 +182,35 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
-/*
- // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
- // web.xml as part of CC interface review
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+ /*
+ // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
+ // web.xml as part of CC interface review
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
-*/
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
+ */
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
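Review bot: The commented-out `authenticate(...)` block is re-indented here rather than removed, which keeps dead code that builds a `uid`/`pwd` query string in the source. Delete it and leave a one-line pointer such as `// identity check removed along with /ca/ee/ca/checkIdentity (Bugzilla #583825)`. As far as this hunk shows, nothing verifies the supplied credentials before `config.commit(false)`; if that verification now happens elsewhere, the comment should say where. The method begins outside the hunk.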
@@ -217,9 +218,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("password", "");
context.put("title", "Agent Authentication");
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d..6700b931 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AuthenticatePanel extends WizardPanelBase {
- public AuthenticatePanel() {}
+ public AuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
setId(id);
@@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- String s = cs.getString("preop.ca.agent.uid","");
+ String s = cs.getString("preop.ca.agent.uid", "");
if (s == null || s.equals("")) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
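Review bot: `uid` and `pwd` are concatenated unencoded into the content string passed to `authenticate(...)`, so a password containing `&`, `=`, `%` or `+` is altered or split into extra parameters before it reaches `/ca/ee/ca/configSubsystem`. Encode both values, `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`, which needs an import of `java.net.URLEncoder`. How `authenticate` transmits the string is not visible here; if it ends up in the request URL rather than the body, the password would also reach access logs. The enclosing method starts outside this hunk.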
@@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("password", "");
context.put("panel", "admin/console/config/authenticatepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 77977808..c1529f25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
@@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
- public BackupKeyCertPanel() {}
+ public BackupKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
setId(id);
@@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
String s = cs.getString("preop.module.token", "");
- if (s.equals("Internal Key Storage Token"))
+ if (s.equals("Internal Key Storage Token"))
return false;
} catch (Exception e) {
}
-
+
return true;
}
@@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String select = HttpInput.getID(request, "choice");
if (select.equals("backupkey")) {
String pwd = request.getParameter("__pwd");
@@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
String select = "";
try {
select = HttpInput.getID(request, "choice");
@@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
+ public void backupKeysCerts(HttpServletRequest request)
+ throws IOException {
CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
IConfigStore cs = CMS.getConfigStore();
String certlist = "";
@@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
cm = CryptoManager.getInstance();
} catch (Exception e) {
- CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String pwd = request.getParameter("__pwd");
@@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
String nickname = "";
String modname = "";
try {
- nickname = cs.getString("preop.cert."+t+".nickname");
+ nickname = cs.getString("preop.cert." + t + ".nickname");
modname = cs.getString("preop.module.token");
} catch (Exception e) {
}
if (!modname.equals("Internal Key Storage Token"))
- nickname = modname+":"+nickname;
+ nickname = modname + ":" + nickname;
X509Certificate x509cert = null;
byte localKeyId[] = null;
@@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
@@ -296,14 +296,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
} //while loop
-
+
X509Certificate[] cacerts = cm.getCACerts();
- for (int i=0; i<cacerts.length; i++) {
+ for (int i = 0; i < cacerts.length; i++) {
//String nickname = cacerts[i].getSubjectDN().toString();
String nickname = null;
try {
@@ -311,7 +311,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
}
@@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
AuthenticatedSafes authSafes = new AuthenticatedSafes();
authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
+ authSafes.addSafeContents(encSafeContents);
PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
+ pfx.computeMacData(pass, null, 5);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pfx.encode(bos);
byte[] output = bos.toByteArray();
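Review bot: `pfx.computeMacData(pass, null, 5)` derives the PKCS #12 MAC key with an iteration count of 5, and the `@@ -344,23 +344,23 @@` hunk below passes an iteration count of `1` to `EncryptedPrivateKeyInfo.createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, ...)`. With counts this low, the exported key material is protected against offline guessing almost entirely by the strength of the backup password. Replace both literals with one named constant set far higher (tens of thousands or more, subject to what the importing tools accept), e.g. `pfx.computeMacData(pass, null, PKCS12_ITERATIONS);`. The surrounding `try` begins in this hunk but the method itself starts outside it.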
@@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
pass.clear();
cs.commit(false);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
}
}
private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents)
+ throws IOException {
try {
PasswordConverter passConverter = new PasswordConverter();
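Review bot: The `catch (Exception e)` that closes `backupKeysCerts` only calls `CMS.debug`, so a failure while encoding the PFX or in `cs.commit(false)` lets the method return normally, and the caller cannot tell that no backup was produced. `pass.clear()` sits inside the `try`, so it is skipped on that path as well. Rethrow as the earlier branches of this method do, `throw new IOException("Failed to create pkcs12 file.");`, and move `pass.clear();` into a `finally` block. The start of the method and the lines between `bos.toByteArray()` and `pass.clear()` are outside this hunk.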
@@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] priData = getEncodedKey(pkey);
PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ pass, salt, 1, passConverter, pki);
SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ x509cert.getSubjectDN().toString(), localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
+ key, keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
throw new IOException("Failed to create pk12 file.");
}
}
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ private byte[] addCertBag(X509Certificate x509cert, String nickname,
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase {
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+ CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
throw new IOException("Failed to create pk12 file.");
}
@@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
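Review bot: The all-`0x1` IV handed to `wrapper.initWrap(sk, param)` carries no comment saying why a constant is acceptable. It looks tolerable only because `sk` comes from `kg.generate()` a few lines earlier and appears to serve this single wrap. Add a comment above the array, `// constant IV is acceptable only because sk is freshly generated and used once; never copy this for a stored key`. The method begins and ends outside this hunk, so what happens to `sk` and the wrapped bytes afterwards should be confirmed before relying on that reasoning.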
@@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
}
return null;
}
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
+ private byte[] createLocalKeyId(X509Certificate cert)
+ throws IOException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
throw new IOException("Failed to encode certificate.");
} catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
throw new IOException("No such algorithm supported.");
}
}
private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
throw new IOException("Failed to create PKCS12 file.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631..9bb81902 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
import com.netscape.certsrv.apps.CMS;
-
public class BaseServlet extends VelocityServlet {
/**
@@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet {
if (pin == null) {
try {
response.sendRedirect("login");
- } catch (IOException e) {}
+ } catch (IOException e) {
+ }
return false;
}
return true;
@@ -70,25 +69,25 @@ public class BaseServlet extends VelocityServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
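Review bot: The `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` tests are case-sensitive, so a parameter named, say, `adminPassword` matches none of the conditions, and the `else` branch writes its value to the debug log. Compare against a lower-cased copy of the name, `String lpn = pn.toLowerCase(java.util.Locale.ROOT);`, and use `lpn.endsWith("password")` and so on. The `else` branch also logs `httpReq.getParameter(pn)` unmodified; replacing CR and LF in the value before logging would keep a request from forging extra log lines. The loop that supplies `pn` starts outside this hunk.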
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff69..f80957d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CAInfoPanel extends WizardPanelBase {
- public CAInfoPanel() {}
+ public CAInfoPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
setId(id);
@@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase {
try {
hostname = cs.getString("preop.ca.hostname");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpport = cs.getString("preop.ca.httpport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpsport = cs.getString("preop.ca.httpsport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (type.equals("sdca")) {
context.put("check_sdca", "checked");
@@ -143,12 +147,12 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
-/*
- try {
- cstype = cs.getString("cs.type", "");
- } catch (EBaseException e) {}
-*/
-
+ /*
+ try {
+ cstype = cs.getString("cs.type", "");
+ } catch (EBaseException e) {}
+ */
+
CMS.debug("CAInfoPanel: Ready to get url");
Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
@@ -163,12 +167,13 @@ public class CAInfoPanel extends WizardPanelBase {
list.append(",");
}
}
-
+
try {
cs.putString("preop.ca.list", list.toString());
cs.commit(false);
- } catch (Exception e) {}
-
+ } catch (Exception e) {
+ }
+
context.put("urls", v);
context.put("sdcaHostname", hostname);
@@ -213,25 +218,26 @@ public class CAInfoPanel extends WizardPanelBase {
String select = null;
String index = request.getParameter("urls");
- String url = "";
+ String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
URL urlx = null;
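Review bot: `index` comes straight from `request.getParameter("urls")` and is dereferenced by `index.startsWith("http")` without a null check, so a request that omits the parameter ends in a NullPointerException rather than a wizard error. In the `else` branch a number beyond the end of the list leaves `url` holding the last token, and a non-numeric value is swallowed by the empty `catch`, so malformed input still selects something. Add `if (index == null)` handling that goes through the panel's usual error path, and reject an index that matches no entry. If only entries from `preop.ca.list` are meant to be selectable, the directly submitted URL should be checked against that list too. The method starts outside this hunk.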
@@ -240,7 +246,7 @@ public class CAInfoPanel extends WizardPanelBase {
select = "otherca";
config.putString("preop.ca.pkcs7", "");
config.putInteger("preop.ca.certchain.size", 0);
- } else {
+ } else {
select = "sdca";
// parse URL (CA1 - https://...)
@@ -272,7 +278,8 @@ public class CAInfoPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
@@ -301,9 +308,9 @@ public class CAInfoPanel extends WizardPanelBase {
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ updateCertChainUsingSecureEEPort(config, "ca", hostname,
httpsport, true, context,
- certApprovalCallback );
+ certApprovalCallback);
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9c..0aedded8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
-
-
public class Cert {
private String mNickname = "";
private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
}
public String escapeForHTML(String s) {
- s = s.replaceAll("\"", "&quot;");
- return s;
+ s = s.replaceAll("\"", "&quot;");
+ return s;
}
public String getEscapedDN() {
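Review bot: `escapeForHTML` replaces only the double quote, so `&`, `<`, `>` and `'` in the input pass through unchanged. If the result of `getEscapedDN()` is placed in HTML text or in a single-quoted attribute (the templates are not visible here), a DN containing those characters can break out of its context. Escape the full set, with `&` handled first. `replace` is enough, since none of the patterns is a regular expression. Callers that depend on the current quote-only behaviour should be checked before this is changed.

```java
public String escapeForHTML(String s) {
    // '&' first, so the entities added below are not escaped a second time
    s = s.replace("&", "&amp;");
    s = s.replace("<", "&lt;");
    s = s.replace(">", "&gt;");
    s = s.replace("\"", "&quot;");
    s = s.replace("'", "&#39;");
    return s;
}
```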
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78d..119dead0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class CertPrettyPrintPanel extends WizardPanelBase {
private Vector mCerts = null;
- public CertPrettyPrintPanel() {}
+ public CertPrettyPrintPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
setId(id);
@@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public PropertySet getUsage() {
// expects no input from client
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug(
"CertPrettyPrintPanel: display() certTag " + certTag
- + " Exception caught: " + e.toString());
+ + " Exception caught: " + e.toString());
}
}
} catch (Exception e) {
@@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
config.commit(false);
} catch (EBaseException e) {
CMS.debug(
- "CertPrettyPrintPanel: update() Exception caught at config commit: "
+ "CertPrettyPrintPanel: update() Exception caught at config commit: "
+ e.toString());
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a..72e145d6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
@@ -58,19 +57,20 @@ public class CertRequestPanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public CertRequestPanel() {}
+ public CertRequestPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Requests & Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Requests and Certificates");
mServlet = servlet;
@@ -80,13 +80,13 @@ public class CertRequestPanel extends WizardPanelBase {
// XXX how do you do this? There could be multiple certs.
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameters */
null);
set.add("cert", certDesc);
-
+
return set;
}
@@ -95,13 +95,13 @@ public class CertRequestPanel extends WizardPanelBase {
*/
public boolean showApplyButton() {
if (isPanelDone())
- return false;
+ return false;
else
- return true;
+ return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
+ private boolean findCertificate(String tokenname, String nickname)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
CryptoManager cm = null;
try {
@@ -114,7 +114,7 @@ public class CertRequestPanel extends WizardPanelBase {
boolean hardware = false;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
try {
@@ -126,16 +126,16 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
} catch (Exception ee) {
if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
- throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+ CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
+ throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
}
return true;
}
} catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString());
return false;
}
}
@@ -148,13 +148,13 @@ public class CertRequestPanel extends WizardPanelBase {
try {
select = cs.getString("preop.subsystem.select", "");
list = cs.getString("preop.cert.list", "");
- tokenname = cs.getString("preop.module.token", "");
+ tokenname = cs.getString("preop.module.token", "");
} catch (Exception e) {
}
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
-
+ ICertificateAuthority.ID);
+
if (ca != null) {
CMS.debug("CertRequestPanel cleanup: get certificate repository");
BigInteger beginS = null;
@@ -176,27 +176,26 @@ public class CertRequestPanel extends WizardPanelBase {
try {
cr.removeCertRecords(beginS, endS);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
}
-
+
try {
- cr.resetSerialNumber(new BigInteger(beginNum,16));
+ cr.resetSerialNumber(new BigInteger(beginNum, 16));
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
}
}
}
-
StringTokenizer st = new StringTokenizer(list, ",");
String nickname = "";
boolean enable = false;
while (st.hasMoreTokens()) {
String t = st.nextToken();
-
+
try {
- enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
- nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+ enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+ nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
} catch (Exception e) {
}
@@ -208,10 +207,10 @@ public class CertRequestPanel extends WizardPanelBase {
if (findCertificate(tokenname, nickname)) {
try {
- CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
- deleteCert(tokenname, nickname);
+ CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
+ deleteCert(tokenname, nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString());
}
}
}
@@ -235,7 +234,8 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -254,9 +254,9 @@ public class CertRequestPanel extends WizardPanelBase {
CMS.debug(
"CertRequestPanel getCert: certTag=" + certTag
- + " cert=" + certs);
+ + " cert=" + certs);
//get and set formated cert
- if (!certs.startsWith("...")) {
+ if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
}
cert.setCert(certf);
@@ -266,7 +266,7 @@ public class CertRequestPanel extends WizardPanelBase {
CertPrettyPrint pp = new CertPrettyPrint(certb);
cert.setCertpp(pp.toString(Locale.getDefault()));
} else {
- CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+ CMS.debug("CertRequestPanel::getCert() - cert is null!");
return;
}
String userfriendlyname = config.getString(
@@ -285,18 +285,16 @@ public class CertRequestPanel extends WizardPanelBase {
}
public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
String pubKeyEncoded = config.getString(
PCERT_PREFIX + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
return pubk;
}
public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
String pubKeyModulus = config.getString(
@@ -305,7 +303,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".pubkey.exponent");
pubk = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ CryptoUtil.string2byte(pubKeyPublicExponent));
return pubk;
}
@@ -323,8 +321,8 @@ public class CertRequestPanel extends WizardPanelBase {
} else if (pubKeyType.equals("ecc")) {
pubk = getECCX509Key(config, certTag);
} else {
- CMS.debug( "CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!" );
+ CMS.debug("CertRequestPanel::handleCertRequest() - "
+ + "pubKeyType " + pubKeyType + " is unsupported!");
return;
}
@@ -341,7 +339,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".privkey.id");
CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
+
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
if (privk != null) {
@@ -349,7 +347,7 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
CMS.debug("CertRequestPanel: error getting private key null");
}
-
+
// construct cert request
String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
@@ -361,7 +359,7 @@ public class CertRequestPanel extends WizardPanelBase {
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
String certReqf = CryptoUtil.reqFormat(certReqs);
-
+
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", certReqs);
@@ -410,7 +408,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
@@ -458,7 +456,7 @@ public class CertRequestPanel extends WizardPanelBase {
if (issuerDN.equals(subjectDN))
return true;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString());
}
return false;
@@ -472,7 +470,7 @@ public class CertRequestPanel extends WizardPanelBase {
deleteCert("Internal Key Storage Token", nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString());
}
}
@@ -502,7 +500,7 @@ public class CertRequestPanel extends WizardPanelBase {
String tokenname = "";
try {
- tokenname = config.getString("preop.module.token", "");
+ tokenname = config.getString("preop.module.token", "");
} catch (Exception e) {
}
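Review bot: The `catch (Exception e) { }` around `config.getString("preop.module.token", "")` discards the exception, so a config-store failure leaves `tokenname` empty and the later `findCertificate(tokenname, nickname)` and `deleteCert(tokenname, nickname)` calls run against whatever an empty token name resolves to. At minimum log it, e.g. `CMS.debug("CertRequestPanel update: cannot read preop.module.token: " + e);`. The same empty catch recurs in the trust-flag loop near the end of this file (where `updateStatus` is still reported as `success` because `hasErr` is untouched), in the `.profile` lookup in CertUtil.java, and twice in ConfigDatabaseServlet.java. The enclosing method extends beyond this hunk.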
@@ -510,11 +508,11 @@ public class CertRequestPanel extends WizardPanelBase {
Cert cert = (Cert) c.nextElement();
String certTag = cert.getCertTag();
String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
if (!enable)
continue;
- if (hasErr)
+ if (hasErr)
continue;
String nickname = cert.getNickname();
@@ -533,20 +531,20 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".keytype");
X509Key x509key = null;
if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
+ x509key = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
+ x509key = getECCX509Key(config, certTag);
}
-
+
if (findCertificate(tokenname, nickname)) {
if (!certTag.equals("sslserver"))
- continue;
+ continue;
}
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
+ X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, cert.getType(), context);
if (impl != null) {
- byte[] certb = impl.getEncoded();
+ byte[] certb = impl.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
cert.setCert(certs);
@@ -574,13 +572,13 @@ public class CertRequestPanel extends WizardPanelBase {
+ certTag + " Exception: "
+ ee.toString());
CMS.debug("ok");
-// hasErr = true;
+ // hasErr = true;
}
}
} else if (cert.getType().equals("remote")) {
if (b64 != null && b64.length() > 0
&& !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
+ String b64chain = HttpInput.getCertChain(request, certTag + "_cc");
CMS.debug(
"CertRequestPanel: in update() process remote...import cert");
@@ -590,11 +588,11 @@ public class CertRequestPanel extends WizardPanelBase {
try {
if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ if (findCertificate(tokenname, nickname)) {
+ deleteCert(tokenname, nickname);
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
}
input = CryptoUtil.stripCertBrackets(input.trim());
String certs = CryptoUtil.normalizeCertStr(input);
@@ -619,21 +617,21 @@ public class CertRequestPanel extends WizardPanelBase {
leaf = certchains[certchains.length - 1];
}
- if( leaf == null ) {
- CMS.debug( "CertRequestPanel::update() - "
- + "leaf is null!" );
- throw new IOException( "leaf is null" );
+ if (leaf == null) {
+ CMS.debug("CertRequestPanel::update() - "
+ + "leaf is null!");
+ throw new IOException("leaf is null");
}
if (/*(certchains.length <= 1) &&*/
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
- try {
- CryptoUtil.importCertificateChain(
- CryptoUtil.normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
- }
+ (b64chain != null && b64chain.length() != 0)) {
+ CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
+ try {
+ CryptoUtil.importCertificateChain(
+ CryptoUtil.normalizeCertAndReq(b64chain));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString());
+ }
}
InternalCertificate icert = (InternalCertificate) leaf;
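Review bot: A failure in `CryptoUtil.importCertificateChain(...)` is only written to the debug log and `hasErr` is not set, so processing continues with the leaf certificate even though its chain was not installed. If that is intentional, a comment such as `// best effort: chain may already be present` would say so; otherwise set `hasErr = true;` in the catch, as the neighbouring branches do. The preceding `CMS.debug` also concatenates the whole request-supplied `b64chain` value into the log, which is better reduced to its length. The enclosing method starts and ends outside this hunk.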
@@ -651,17 +649,17 @@ public class CertRequestPanel extends WizardPanelBase {
+ certTag + " Exception: "
+ ee.toString());
CMS.debug("ok");
-// hasErr=true;
+ // hasErr=true;
}
} else {
CMS.debug("CertRequestPanel: in update() input null");
hasErr = true;
}
} else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr=true;
+ CMS.debug("CertRequestPanel: in update() b64 not set");
+ hasErr = true;
}
-
+
} else {
b64 = CryptoUtil.stripCertBrackets(b64.trim());
String certs = CryptoUtil.normalizeCertStr(b64);
@@ -671,10 +669,10 @@ public class CertRequestPanel extends WizardPanelBase {
if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ deleteCert(tokenname, nickname);
}
} catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+ CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString());
}
try {
@@ -683,8 +681,8 @@ public class CertRequestPanel extends WizardPanelBase {
else
CryptoUtil.importUserCertificate(impl, nickname, false);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
- hasErr=true;
+ CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString());
+ hasErr = true;
}
}
@@ -696,16 +694,16 @@ public class CertRequestPanel extends WizardPanelBase {
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname+ ":"+ nickname;
+ NickName = tokenname + ":" + nickname;
- CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+ CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
- }
+ }
} //while loop
if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ config.putBoolean("preop.CertRequestPanel.done", true);
}
config.commit(false);
} catch (Exception e) {
@@ -723,13 +721,13 @@ public class CertRequestPanel extends WizardPanelBase {
String tag = tokenizer.nextToken();
if (tag.equals("signing"))
continue;
- String nickname = config.getString("preop.cert."+tag+".nickname", "");
+ String nickname = config.getString("preop.cert." + tag + ".nickname", "");
String tokenname = config.getString("preop.module.token", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
X509Certificate c = cm.findCertByNickname(nickname);
if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate)c;
+ InternalCertificate ic = (InternalCertificate) c;
ic.setSSLTrust(InternalCertificate.USER);
ic.setEmailTrust(InternalCertificate.USER);
if (tag.equals("audit_signing")) {
@@ -738,10 +736,10 @@ public class CertRequestPanel extends WizardPanelBase {
ic.setObjectSigningTrust(InternalCertificate.USER);
}
}
- }
+ }
} catch (Exception e) {
}
- if (!hasErr) {
+ if (!hasErr) {
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d..f87af9bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CertUtil {
static final int LINE_COUNT = 76;
- public static X509CertImpl createRemoteCert(String hostname,
- int port, String content, HttpServletResponse response, WizardPanelBase panel)
- throws IOException {
+ public static X509CertImpl createRemoteCert(String hostname,
+ int port, String content, HttpServletResponse response, WizardPanelBase panel)
+ throws IOException {
HttpClient httpclient = new HttpClient();
String c = null;
CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -104,9 +103,9 @@ public class CertUtil {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "CertUtil::createRemoteCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("CertUtil::createRemoteCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -136,7 +135,7 @@ public class CertUtil {
return null;
}
- public static String getPKCS10(IConfigStore config, String prefix,
+ public static String getPKCS10(IConfigStore config, String prefix,
Cert certObj, Context context) throws IOException {
String certTag = certObj.getCertTag();
@@ -147,29 +146,29 @@ public class CertUtil {
String algorithm = config.getString(
prefix + certTag + ".keyalgorithm");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- prefix + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- prefix + certTag + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ String pubKeyModulus = config.getString(
+ prefix + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ prefix + certTag + ".pubkey.exponent");
+ pubk = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
+ String pubKeyEncoded = config.getString(
prefix + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ pubk = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
} else {
- CMS.debug( "CertRequestPanel::getPKCS10() - "
- + "public key type is unsupported!" );
- throw new IOException( "public key type is unsupported" );
+ CMS.debug("CertRequestPanel::getPKCS10() - "
+ + "public key type is unsupported!");
+ throw new IOException("public key type is unsupported");
}
if (pubk != null) {
CMS.debug("CertRequestPanel: got public key");
} else {
CMS.debug("CertRequestPanel: error getting public key null");
- throw new IOException( "public key is null" );
+ throw new IOException("public key is null");
}
// get private key
String privKeyID = config.getString(prefix + certTag + ".privkey.id");
@@ -201,15 +200,14 @@ public class CertUtil {
}
}
-
-/*
- * create requests so renewal can work on these initial certs
- */
+ /*
+ * create requests so renewal can work on these initial certs
+ */
public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-// RequestId rid = new RequestId(serialNum);
+ // RequestId rid = new RequestId(serialNum);
// just need a request, no need to get into a queue
-// IRequest r = new EnrollmentRequest(rid);
- CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+ // IRequest r = new EnrollmentRequest(rid);
+ CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
@@ -224,7 +222,7 @@ public class CertUtil {
req.setExtData("requestor_phone", "");
req.setExtData("profileRemoteHost", "");
req.setExtData("profileRemoteAddr", "");
- req.setExtData("requestnotes","");
+ req.setExtData("requestnotes", "");
req.setExtData("isencryptioncert", "false");
req.setExtData("profileapprovedby", "system");
@@ -235,13 +233,12 @@ public class CertUtil {
return req;
}
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
- public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
- {
- try {
+ /**
+ * update local cert request with the actual request
+ * called from CertRequestPanel.java
+ */
+ public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) {
+ try {
CMS.debug("Updating local request... certTag=" + certTag);
RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
@@ -262,54 +259,56 @@ public class CertUtil {
}
queue.updateRequest(req);
} else {
- CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+ CMS.debug("CertUtil:updateLocalRequest - request queue = null");
}
} catch (Exception e) {
CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
}
}
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first
- * entry in the list of allowed algorithms. Users that wish a different algorithm
- * can specify it in the profile using default.params.signingAlg
- */
+ /**
+ * reads from the admin cert profile caAdminCert.profile and takes the first
+ * entry in the list of allowed algorithms. Users that wish a different algorithm
+ * can specify it in the profile using default.params.signingAlg
+ */
public static String getAdminProfileAlgorithm(IConfigStore config) {
String algorithm = "SHA256withRSA";
try {
- String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa");
String pfile = config.getString("profile.caAdminCert.config");
FileInputStream fis = new FileInputStream(pfile);
DataInputStream in = new DataInputStream(fis);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String strLine;
- while ((strLine = br.readLine()) != null) {
- String marker2 = "default.params.signingAlg=";
- int indx = strLine.indexOf(marker2);
- if (indx != -1) {
- String alg = strLine.substring(indx + marker2.length());
- if ((alg.length() > 0) && (!alg.equals("-"))) {
- algorithm = alg;
- break;
- };
- };
-
- String marker = "signingAlgsAllowed=";
- indx = strLine.indexOf(marker);
- if (indx != -1) {
- String[] algs = strLine.substring(indx + marker.length()).split(",");
- for (int i=0; i<algs.length; i++) {
- if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
- (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
- algorithm = algs[i];
- break;
- }
- }
- }
- }
- in.close();
+ String strLine;
+ while ((strLine = br.readLine()) != null) {
+ String marker2 = "default.params.signingAlg=";
+ int indx = strLine.indexOf(marker2);
+ if (indx != -1) {
+ String alg = strLine.substring(indx + marker2.length());
+ if ((alg.length() > 0) && (!alg.equals("-"))) {
+ algorithm = alg;
+ break;
+ }
+ ;
+ }
+ ;
+
+ String marker = "signingAlgsAllowed=";
+ indx = strLine.indexOf(marker);
+ if (indx != -1) {
+ String[] algs = strLine.substring(indx + marker.length()).split(",");
+ for (int i = 0; i < algs.length; i++) {
+ if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
+ (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) {
+ algorithm = algs[i];
+ break;
+ }
+ }
+ }
+ }
+ in.close();
} catch (Exception e) {
CMS.debug("getAdminProfleAlgorithm: exception: " + e);
}
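Review bot: `in.close()` is reached only when the read loop finishes normally; if `readLine()` or the parsing throws, the catch block logs and the `FileInputStream` stays open. Moving the close into a `finally` block (or try-with-resources, if the project's Java level allows it) fixes that, and the `InputStreamReader` should name a charset rather than rely on the platform default. The reformatting also left two empty statements, the lone `;` lines after the closing braces of the `default.params.signingAlg` check, which should simply be deleted. The method's return lies outside this hunk.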
@@ -324,14 +323,15 @@ public class CertUtil {
try {
profile = config.getString(prefix + certTag + ".profile");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
X509CertImpl cert = null;
ICertificateAuthority ca = null;
ICertificateRepository cr = null;
RequestId reqId = null;
String profileId = null;
- IRequestQueue queue = null;
+ IRequestQueue queue = null;
IRequest req = null;
try {
@@ -355,7 +355,7 @@ public class CertUtil {
CMS.debug("Creating local certificate... dn=" + dn);
info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
date, keyAlgorithm);
- } else {
+ } else {
String issuerdn = config.getString("preop.cert.signing.dn", "");
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
CMS.debug("Creating local certificate... dn=" + dn);
@@ -375,7 +375,7 @@ public class CertUtil {
queue = ca.getRequestQueue();
if (queue != null) {
req = createLocalRequest(queue, serialNo.toString(), info);
- CMS.debug("CertUtil profile name= "+profile);
+ CMS.debug("CertUtil profile name= " + profile);
req.setExtData("req_key", x509key.toString());
// store original profile id in cert request
@@ -387,7 +387,7 @@ public class CertUtil {
String name = profile.substring(0, idx);
req.setExtData("origprofileid", name);
}
-
+
// store mapped profile ID for use in renewal
profileId = processor.getProfileIDMapping();
req.setExtData("profileid", profileId);
@@ -399,7 +399,7 @@ public class CertUtil {
CMS.debug("certUtil: requestQueue null");
}
} catch (Exception e) {
- CMS.debug("Creating local request exception:"+e.toString());
+ CMS.debug("Creating local request exception:" + e.toString());
}
processor.populate(info);
@@ -410,36 +410,36 @@ public class CertUtil {
PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
keyIDb);
- if( caPrik == null ) {
- CMS.debug( "CertUtil::createSelfSignedCert() - "
- + "CA private key is null!" );
- throw new IOException( "CA private key is null" );
+ if (caPrik == null) {
+ CMS.debug("CertUtil::createSelfSignedCert() - "
+ + "CA private key is null!");
+ throw new IOException("CA private key is null");
} else {
CMS.debug("CertUtil createSelfSignedCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
CMS.debug("key algorithm is " + keyAlgo);
- String caSigningKeyType =
- config.getString("preop.cert.signing.keytype","rsa");
- String caSigningKeyAlgo = "";
- if (type.equals("selfsign")) {
- caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+ String caSigningKeyType =
+ config.getString("preop.cert.signing.keytype", "rsa");
+ String caSigningKeyAlgo = "";
+ if (type.equals("selfsign")) {
+ caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA");
} else {
- caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+ caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA");
}
CMS.debug("CA Signing Key type " + caSigningKeyType);
CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("CA signing cert is ECC");
- cert = CryptoUtil.signECCCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info,
+ caSigningKeyAlgo);
} else {
- CMS.debug("CA signing cert is not ecc");
- cert = CryptoUtil.signCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info,
+ caSigningKeyAlgo);
}
if (cert != null) {
@@ -462,13 +462,13 @@ public class CertUtil {
if (reqId != null) {
meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
}
-
+
meta.set(ICertRecord.META_PROFILE_ID, profileId);
record = (ICertRecord) cr.createCertRecord(
- cert.getSerialNumber(), cert, meta);
+ cert.getSerialNumber(), cert, meta);
} catch (Exception e) {
CMS.debug(
- "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+ "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
}
try {
@@ -507,21 +507,21 @@ public class CertUtil {
public static void addUserCertificate(X509CertImpl cert) {
IConfigStore cs = CMS.getConfigStore();
- int num=0;
+ int num = 0;
try {
num = cs.getInteger("preop.subsystem.count", 0);
} catch (Exception e) {
}
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "user"+num;
+ String id = "user" + num;
- try {
- String sysType = cs.getString("cs.type", "");
- String machineName = cs.getString("machineName", "");
- String securePort = cs.getString("service.securePort", "");
- id = sysType + "-" + machineName + "-" + securePort;
+ try {
+ String sysType = cs.getString("cs.type", "");
+ String machineName = cs.getString("machineName", "");
+ String securePort = cs.getString("service.securePort", "");
+ id = sysType + "-" + machineName + "-" + securePort;
} catch (Exception e1) {
- // ignore
+ // ignore
}
num++;
@@ -566,7 +566,7 @@ public class CertUtil {
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+ CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
}
IGroup group = null;
@@ -603,17 +603,17 @@ public class CertUtil {
}
if (content.length() > 0)
result.append(content);
- result.append("\n");
+ result.append("\n");
return result.toString();
}
public static boolean privateKeyExistsOnToken(String certTag,
- String tokenname, String nickname) {
+ String tokenname, String nickname) {
IConfigStore cs = CMS.getConfigStore();
String givenid = "";
try {
- givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+ givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
} catch (Exception e) {
CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
return false;
@@ -624,7 +624,7 @@ public class CertUtil {
boolean hardware = false;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
X509Certificate cert = null;
@@ -633,7 +633,7 @@ public class CertUtil {
cm = CryptoManager.getInstance();
cert = cm.findCertByNickname(fullnickname);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString());
return false;
}
@@ -641,19 +641,19 @@ public class CertUtil {
try {
privKey = cm.findPrivKeyByCert(cert);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString());
return false;
}
if (privKey == null) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")");
return false;
} else {
String str = "";
try {
str = CryptoUtil.byte2string(privKey.getUniqueID());
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString());
}
if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e..a28ae76b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CheckIdentity extends CMSServlet {
/**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("CheckIdentity authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, "Error: Not authenticated");
return;
- }
+ }
try {
XMLObject xmlObj = null;
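Review bot: The authentication failure is logged under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name looks like an output-stream error rather than an authentication error, so rejected requests to this servlet may be hard to find in the system log. Consider a key that names the failure, with a comment such as `// auth failure: log under an authentication message key so it can be alerted on`. Catching `Exception` here also reports any internal error as "Not authenticated", which seems worth separating from a real credential rejection. `process()` continues past the end of this hunk.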
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300..5ae9bada 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public abstract class ConfigBaseServlet extends BaseServlet {
/**
*
@@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public abstract void display(HttpServletRequest request,
HttpServletResponse response, Context context);
- public abstract void update(HttpServletRequest request,
+ public abstract void update(HttpServletRequest request,
HttpServletResponse response, Context context);
public abstract Template getTemplate(HttpServletRequest request,
@@ -68,25 +66,25 @@ public abstract class ConfigBaseServlet extends BaseServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
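Review bot: The suffix tests `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` are case-sensitive, so a parameter whose name ends in `Password` or `Pwd` and is not in the explicit `equalsIgnoreCase` list falls through to the `else` branch and its value is written to the debug log. Lower-casing the name once, e.g. `String lpn = pn.toLowerCase(Locale.ROOT);`, and testing `lpn.endsWith("password")` would close that gap. The value in the `else` branch is also logged raw, so replacing CR and LF before logging would keep a request from forging log lines. The enclosing method starts outside this hunk.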
@@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public Template process(HttpServletRequest request,
HttpServletResponse response,
Context context) {
-
+
if (CMS.debugOn()) {
outputHttpParameters(request);
}
@@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
} else {
update(request, response, context);
}
-
+
Template template = null;
-
+
try {
context.put("name", "Velocity Test");
template = getTemplate(request, response, context);
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
-
+
return template;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d1..956c285b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-public class ConfigCertApprovalCallback
- implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback
+ implements SSLCertificateApprovalCallback {
public ConfigCertApprovalCallback() {
}
public boolean approve(X509Certificate cert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
- return true;
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
}
}
-
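Review bot: `approve()` returns `true` for every certificate and never reads `status`, so any TLS connection that installs this callback accepts a peer whose certificate failed validation. If the class is meant only for the installer's bootstrap phase, state that on the class, e.g. `// WARNING: approves every peer certificate; use only during installation, before the CA chain is trusted`, and keep it out of post-configuration code paths. Otherwise the method should inspect the `ValidityStatus` argument and return `false` unless the reported problems are ones the installer explicitly tolerates. The hunk only re-indents the method, so this behaviour predates the commit.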
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6b..b04de414 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCertReqServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35..ed1d9cc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCloneServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e..2b4a82a0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
-
public class ConfigDatabaseServlet extends ConfigBaseServlet {
/**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
try {
modified = cs.getString("preop.configDatabase.modified", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (modified.equals("true")) {
return true;
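Review bot: The `catch (Exception e)` around `cs.getString("preop.configDatabase.modified", "")` is still empty after the reformat, so a config-store failure cannot be told apart from "not modified" and leaves no trace. At minimum log it, for example `CMS.debug("ConfigDatabaseServlet: reading preop.configDatabase.modified: " + e.toString());`. The same empty handlers are reformatted but not filled in the later hunks of this file and in ConfigHSMServlet, ConfigJoinServlet, ConfigRootCAServlet, CreateSubsystemPanel and DatabasePanel. The enclosing method starts and ends outside this hunk.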
@@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
hostname = HOST;
portStr = PORT;
@@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
int port = -1;
try {
- port = Integer.parseInt(portStr);
+ port = Integer.parseInt(portStr);
cs.putInteger("internaldb.ldapconn.port", port);
} catch (Exception e) {
errorString = "Port is invalid";
@@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
return;
}
- psStore.putString("internaldb", bindpwd);
+ psStore.putString("internaldb", bindpwd);
} else {
errorString = "Bind password is empty string";
}
@@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_db.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f..92e2ee39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
private CryptoManager mCryptoManager = null;
private String mPwdFilePath = "";
- public ConfigHSMLoginPanel() {}
+ public ConfigHSMLoginPanel() {
+ }
public void init(ServletConfig config, int panelno) throws ServletException {
try {
@@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
}
CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
- String tokPwd = pr.getPassword("hardware-"+tokName);
+ String tokPwd = pr.getPassword("hardware-" + tokName);
boolean loggedIn = false;
@@ -157,48 +157,48 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
password = new Password(tokPwd.toCharArray());
try {
- if (token.passwordIsInitialized()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():token password is initialized");
- if (!token.isLoggedIn()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
- token.login(password);
- context.put("status", "justLoggedIn");
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel:Token has already logged on");
- context.put("status", "alreadyLoggedIn");
- }
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token password not initialized");
- context.put("status", "tokenPasswordNotInitialized");
- rv = false;
- }
-
- } catch (IncorrectPasswordException e) {
- context.put("status", "incorrectPassword");
- context.put("errorString", e.toString());
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- rv = false;
- } catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- context.put("errorString", e.toString());
- rv = false;
- }
+ if (token.passwordIsInitialized()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():token password is initialized");
+ if (!token.isLoggedIn()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+ token.login(password);
+ context.put("status", "justLoggedIn");
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel:Token has already logged on");
+ context.put("status", "alreadyLoggedIn");
+ }
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token password not initialized");
+ context.put("status", "tokenPasswordNotInitialized");
+ rv = false;
+ }
+
+ } catch (IncorrectPasswordException e) {
+ context.put("status", "incorrectPassword");
+ context.put("errorString", e.toString());
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ rv = false;
+ } catch (Exception e) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ context.put("errorString", e.toString());
+ rv = false;
+ }
return rv;
}
// XXX how do you do this?
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
set.add(
"choice", choiceDesc);
-
+
return set;
}
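Review bot: The `Password` built from `tokPwd.toCharArray()` is not cleared on any path between `token.login(password)` and `return rv`, so the token PIN stays in memory after the login attempt unless code outside this hunk wipes it. Adding `finally { password.clear(); }` to the try block would cover the success path and both catch paths. Both catch blocks also copy `e.toString()` into the Velocity context as `errorString`. If the template renders that value, provider-level exception text reaches the browser, and a fixed message with the detail kept in `CMS.debug` would be safer. The method begins outside the hunk.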
@@ -220,10 +220,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
-
-// if (select.equals("clone"))
- // return;
-
+
+ // if (select.equals("clone"))
+ // return;
+
CMS.debug("ConfigHSMLoginPanel: in update()");
String uTokName = null;
@@ -233,7 +233,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
uPasswd = HttpInput.getPassword(request, "__uPasswd");
} catch (Exception e) {
}
-
+
if (uPasswd == null) {
CMS.debug("ConfigHSMLoginPanel: password not found");
context.put("error", "no password");
@@ -270,13 +270,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
PlainPasswordWriter pw = new PlainPasswordWriter();
pw.init(mPwdFilePath);
- pw.putPassword("hardware-"+uTokName, uPasswd);
+ pw.putPassword("hardware-" + uTokName, uPasswd);
pw.commit();
} catch (FileNotFoundException e) {
CMS.debug(
"ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString() + " writing to "+ mPwdFilePath);
+ + e.toString() + " writing to " + mPwdFilePath);
CMS.debug(
"ConfigHSMLoginPanel: update(): password not written to cache");
System.err.println("Exception caught: " + e.toString());
@@ -288,7 +288,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
}
-
+
} // found password
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
@@ -308,4 +308,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278..9428ecce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.Module;
-
public class ConfigHSMServlet extends ConfigBaseServlet {
/**
*
@@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
} else {
CMS.debug(
"ConfigHSMServlet: token " + token.getName()
- + " not to be added");
+ + " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ConfigHSMServlet:" + ex.toString());
}
@@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ConfigHSMServlet: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ConfigHSMServlet: module found: " + cn);
module.setFound(true);
@@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
loadModTokens(module, m);
}
-
+
CMS.debug("ConfigHSMServlet: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_hsm.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..c65e559d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigImportCertServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..5d50193c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
public class ConfigJoinServlet extends ConfigBaseServlet {
/**
@@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String cert = null;
try {
cert = config.getString("preop.join.cert", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (cert == null || cert.equals("")) {
return false;
} else {
@@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Displays panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
IConfigStore config = CMS.getConfigStore();
@@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
CryptoUtil.string2byte(pubKeyPublicExponent),
CryptoUtil.string2byte(priKeyID));
context.put("certreq", pkcs10);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String select = "auto";
boolean select_manual = true;
@@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
try {
select = config.getString("preop.join.select", null);
} catch (EBaseException e) {
- CMS.debug( "ConfigJoinServlet::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("ConfigJoinServlet::display() - "
+ + "Exception=" + e.toString());
return;
}
if (select.equals("auto")) {
@@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
String cert = config.getString("preop.join.cert", "");
context.put("cert", cert);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
} else {
context.put("cert", "");
}
- if (select_manual) {
+ if (select_manual) {
context.put("check_manual", "checked");
context.put("check_auto", "");
} else {
@@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Updates panel.
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
CMS.debug("JoinServlet: update");
IConfigStore config = CMS.getConfigStore();
@@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
}
config.putString("preop.join.select", select);
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
-
+
public Template getTemplate(HttpServletRequest request,
HttpServletResponse response,
Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..44046fdc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.CertInfoProfile;
-
public class ConfigRootCAServlet extends ConfigBaseServlet {
/**
@@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String profile = null;
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (profile == null || profile.equals("")) {
return false;
} else {
@@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
instancePath = config.getString("instanceRoot");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String p[] = { "caCert.profile" };
Vector profiles = new Vector();
@@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
profiles.addElement(
new CertInfoProfile(instancePath + "/conf/" + p[i]));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
return profiles;
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
IConfigStore config = CMS.getConfigStore();
String profile = null;
@@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
if (isPanelModified()) {
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
if (profile == null) {
profile = "caCert.profile";
@@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
String profile = request.getParameter("profile");
IConfigStore config = CMS.getConfigStore();
config.putString("preop.hierarchy.profile", profile);
try {
- config.commit(false);
- } catch (Exception e) {}
+ config.commit(false);
+ } catch (Exception e) {
+ }
context.put("status", "update");
context.put("error", "");
Vector profiles = getProfiles();
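Review bot: In `update()` a failure of `config.commit(false)` is swallowed, and the next lines still set `status` to `"update"` and `error` to `""`, so the wizard reports success even when the profile selection was never persisted. Record the failure and surface it, for example `CMS.debug("ConfigRootCAServlet: update: " + e.toString());` in the catch, and put a non-empty `error` in the context on that path. The `profile` request parameter is also stored as received. Checking it against the names returned by `getProfiles()` before `putString` would keep arbitrary values out of `preop.hierarchy.profile`.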
@@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
context.put("profiles", profiles);
context.put("selected_profile_id", profile);
}
-
+
public Template getTemplate(HttpServletRequest request,
HttpServletResponse response,
Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..377043d5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CreateSubsystemPanel extends WizardPanelBase {
- public CreateSubsystemPanel() {}
+ public CreateSubsystemPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Selection");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Type");
setId(id);
@@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
+ context.put("subsystemName",
+ config.getString("preop.subsystem.name"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
+ context.put("subsystemName",
+ config.getString("preop.system.fullname"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} catch (EBaseException e) {
}
- Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+ Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
errorString = "Internal error, cs.type is missing from CS.cfg";
}
- if (list.length()==0)
+ if (list.length() == 0)
context.put("disableClone", "true");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
+ config.putString("preop.subsystem.name",
+ HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
config.putString("subsystem.select", "New");
@@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
cstype = toLowerCaseSubsystemType(cstype);
-
+
config.putString("preop.subsystem.select", "clone");
config.putString("subsystem.select", "Clone");
@@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (t.hasMoreTokens()) {
String tag = t.nextToken();
if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX+tag+".enable", true);
- else
- config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
}
// get the master CA
@@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
String host = u.getHost();
int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort( config,
+ String https_admin_port = getSecurityDomainAdminPort(config,
host,
String.valueOf(https_ee_port),
- cstype );
+ cstype);
config.putString("preop.master.hostname", host);
config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
- true, context, certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port,
+ true, context, certApprovalCallback);
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
+ certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
errorString = "Invalid choice";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index e18d86cf..d3867e52 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
private static final String HOST = "localhost";
- private static final String CLONE_HOST="Enter FQDN here";
+ private static final String CLONE_HOST = "Enter FQDN here";
private static final String PORT = "389";
private static final String BASEDN = "o=netscapeCertificateServer";
private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase {
private WizardServlet mServlet = null;
- public DatabasePanel() {}
+ public DatabasePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
setId(id);
@@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase {
"Host name");
set.add("hostname", hostDesc);
-
+
Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
"Port");
@@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase {
"Base DN");
set.add("basedn", basednDesc);
-
+
Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
"Bind DN");
set.add("binddn", binddnDesc);
Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
- "Bind Password");
+ "Bind Password");
set.add("bindpwd", bindpwdDesc);
@@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- secure = cs.getString("internaldb.ldapconn.secureConn", "");
- cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+ secure = cs.getString("internaldb.ldapconn.secureConn", "");
+ cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
errorString = cs.getString("preop.database.errorString", "");
} catch (Exception e) {
CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
basedn = cs.getString("internaldb.basedn", "");
} catch (Exception e) {
- CMS.debug( "DatabasePanel::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("DatabasePanel::display() - "
+ + "Exception=" + e.toString());
return;
}
binddn = BINDDN;
- database = basedn.substring(basedn.lastIndexOf('=')+1);
+ database = basedn.substring(basedn.lastIndexOf('=') + 1);
CMS.debug("Clone: database=" + database);
} else {
hostname = HOST;
@@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase {
boolean multipleEnable = false;
try {
multipleEnable = cs.getBoolean(
- "internaldb.multipleSuffix.enable", false);
+ "internaldb.multipleSuffix.enable", false);
} catch (Exception e) {
}
-
-
+
if (multipleEnable)
basedn = "ou=" + instanceId + "," + suffix;
else
@@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase {
context.put("binddn", binddn);
context.put("bindpwd", bindpwd);
context.put("database", database);
- context.put("secureConn", (secure.equals("true")? "on":"off"));
- context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+ context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+ context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off"));
context.put("panel", "admin/console/config/databasepanel.vm");
context.put("errorString", errorString);
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = "";
try {
@@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase {
host = cs.getString("internaldb.ldapconn.host");
port = cs.getString("internaldb.ldapconn.port");
binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
+ pwd = (String) context.get("bindpwd");
security = cs.getString("internaldb.ldapconn.secureConn");
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
CMS.debug("DatabasePanel connecting to " + host + ":" + p);
try {
@@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
- private boolean deleteDir(File dir)
- {
+ private boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
- for (int i=0; i<children.length; i++) {
+ for (int i = 0; i < children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
-
+
// The directory is now empty so delete it
return dir.delete();
- }
+ }
- private void cleanupDB(LDAPConnection conn, String baseDN, String database)
- {
+ private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
String[] entries = {};
String filter = "objectclass=*";
LDAPSearchConstraints cons = null;
String[] attrs = null;
- String dn="";
+ String dn = "";
try {
CMS.debug("Deleting baseDN: " + baseDN);
LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
+ attrs, true, cons);
+ if (res != null)
+ deleteEntries(res, conn, baseDN, entries);
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
-
+
try {
- dn="cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- }
- catch (LDAPException e) {}
+ dn = "cn=mapping tree, cn=config";
+ filter = "nsslapd-backend=" + database;
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
+ if (res != null) {
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ filter = "objectclass=*";
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true, cons);
+ if (res2 != null)
+ deleteEntries(res2, conn, dn, entries);
+ }
+ }
+ } catch (LDAPException e) {
+ }
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
+ attrs, true, cons);
if (res != null) {
deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
+ String dbdir = getInstanceDir(conn) + "/db/" + database;
+ if (dbdir != null) {
+ CMS.debug(" Deleting dbdir " + dbdir);
boolean success = deleteDir(new File(dbdir));
if (!success) {
CMS.debug("Unable to delete database directory " + dbdir);
}
}
}
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
}
-
- private void populateDB(HttpServletRequest request, Context context, String secure)
- throws IOException {
+ private void populateDB(HttpServletRequest request, Context context, String secure)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String baseDN = "";
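Review bot: In `cleanupDB` the guard `if (dbdir != null)` can never be false, because `dbdir` is the concatenation `getInstanceDir(conn) + "/db/" + database`. If `getInstanceDir` returns null, the code goes on to call `deleteDir` on the relative path `null/db/<database>`. Test the instance directory before building the path, e.g. `String instanceDir = getInstanceDir(conn);` followed by `if (instanceDir != null) {`. `database` is also concatenated unescaped into the `nsslapd-backend=` filter and into the directory handed to the recursive delete, so it should be restricted to a safe character set before this method runs; whether a caller already does that is not visible here. `deleteDir` should treat a null return from `dir.list()` as a failure instead of dereferencing it, and the three empty `catch (LDAPException e)` blocks hide partial cleanup.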
@@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase {
boolean foundDatabase = false;
try {
LDAPEntry entry = conn.read(baseDN);
- if (entry != null) foundBaseDN = true;
+ if (entry != null)
+ foundBaseDN = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
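Review bot: The mapping-tree lookup builds its DN as `"cn=\"" + baseDN + "\",cn=mapping tree, cn=config"` with no escaping, so a `baseDN` containing a double quote or backslash produces a different DN from the one intended. If `baseDN` is not validated before this point (not visible in the hunk), escape it or reject such values before the `conn.read(dn)` call. The three catch blocks are identical and each throws `new IOException("Failed to create the database")`, dropping the LDAP result code. A small private helper that takes the `LDAPException` and includes `e.getLDAPResultCode()` in the message would remove the duplication and keep the cause. `populateDB` continues outside the hunk.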
@@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel update: This database has already been used.");
if (remove == null) {
throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
- }
- else {
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase {
if (foundBaseDN) {
CMS.debug("DatabasePanel update: This base DN has already been used.");
if (remove == null) {
- throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- }
- else {
+ throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase {
// create database
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+ String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("cn", database));
attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+ String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
attrs.add(new LDAPAttribute("objectClass", oc2));
attrs.add(new LDAPAttribute("cn", baseDN));
attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase {
String n = st.nextToken();
String v = st.nextToken();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain"};
+ String oc3[] = { "top", "domain" };
if (n.equals("o")) {
- oc3[1] = "organization";
+ oc3[1] = "organization";
} else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
+ oc3[1] = "organizationalUnit";
+ }
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: "+baseDN);
+ throw new IOException("Failed to create the base DN: " + baseDN);
}
// check to see if the base dn exists
@@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = conn.read(baseDN);
if (entry != null) {
- foundBaseDN = true;
+ foundBaseDN = true;
}
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
boolean createBaseDN = true;
boolean testing = false;
try {
testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!foundBaseDN) {
if (!testing) {
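Review bot: The empty `catch (LDAPException e) { }` after `conn.read(baseDN)` treats every LDAP failure (lost connection, insufficient access, server error) the same as "entry does not exist", so `foundBaseDN` stays false and the `if (!foundBaseDN)` branch below is taken. The three reads earlier in this file's diff, apparently in the same method, ignore only `LDAPException.NO_SUCH_OBJECT` and fail on anything else. This read should do the same, e.g. `if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) throw new IOException("Failed to read " + baseDN);`. The empty `catch (Exception e) { }` around `cs.getBoolean("internaldb.multipleSuffix.enable", false)` deserves at least a `CMS.debug` line. The method body continues outside the hunk.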
@@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase {
// support only one level creation - create new entry
// right under the suffix
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit"};
+ String oc[] = { "top", "organizationalUnit" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn.add(entry);
- foundBaseDN = true;
+ foundBaseDN = true;
CMS.debug("DatabasePanel added " + baseDN);
} catch (LDAPException e) {
throw new IOException("Failed to create " + baseDN);
@@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase {
}
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
-
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ // if this is clone, add index before replication
+ // don't put in the schema or bad things will happen
+
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
} else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- //
+ // data will be replicated from the master to the clone
+ // so clone does not need the data
+ //
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.data_ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
}
try {
conn.disconnect();
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
}
private void importLDIFS(String param, LDAPConnection conn) throws IOException {
@@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel populateDB param=" + param);
try {
v = cs.getString(param);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException("Cant find ldif files.");
}
-
+
StringTokenizer tokenizer = new StringTokenizer(v, ",");
String baseDN = null;
String database = null;
@@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase {
String instanceId = null;
try {
- instanceId = cs.getString("instanceId");
+ instanceId = cs.getString("instanceId");
} catch (EBaseException e) {
throw new IOException("instanceId is missing");
}
-
- String configDir = instancePath + File.separator + "conf";
+ String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken().trim();
@@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase {
if (!endOfline) {
ps.println(s);
}
- }
+ }
}
in.close();
ps.close();
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("DBSubsystem popuateDB: " + e.toString());
throw new IOException(
"Problem of copying ldif file: " + filename);
@@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
+ boolean hasErr = false;
boolean firsttime = false;
context.put("firsttime", "false");
@@ -903,17 +901,17 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.database", database2);
String secure = HttpInput.getCheckbox(request, "secureConn");
- cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
- cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false"));
String remove = HttpInput.getID(request, "removeData");
if (isPanelDone() && (remove == null || remove.equals(""))) {
- /* if user submits the same data, they just want to skip
- to the next panel, no database population is required. */
- if (hostname1.equals(hostname2) &&
- portStr1.equals(portStr2) &&
- database1.equals(database2)) {
+ /* if user submits the same data, they just want to skip
+ to the next panel, no database population is required. */
+ if (hostname1.equals(hostname2) &&
+ portStr1.equals(portStr2) &&
+ database1.equals(database2)) {
context.put("updateStatus", "success");
return;
}
@@ -921,15 +919,14 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
try {
- populateDB(request, context, (secure.equals("on")?"true":"false"));
+ populateDB(request, context, (secure.equals("on") ? "true" : "false"));
} catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
context.put("errorString", e.toString());
cs.putString("preop.database.errorString", e.toString());
context.put("updateStatus", "failure");
@@ -950,11 +947,11 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
psStore.putString("internaldb", bindpwd);
psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+ cs.putString("preop.internaldb.replicationpwd", replicationpwd);
cs.putString("preop.database.removeData", "false");
try {
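Review bot: `cs.putString("preop.internaldb.replicationpwd", replicationpwd)` writes the replication manager password into the configuration store as a plain string, two lines after the same value was placed in the password store with `psStore.putString("replicationdb", replicationpwd)`. Whether this `preop.` key is removed once configuration finishes is not visible here; if it is not, the secret stays in a configuration file that is typically readable by more accounts than the password store. setupReplication reads the key back with `cs.getString("preop.internaldb.replicationpwd", "")`, so either fetch the value from `psStore` there or delete the key after cloning completes, and add a comment saying which applies. The enclosing method starts and ends outside the hunk.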
@@ -983,57 +980,57 @@ public class DatabasePanel extends WizardPanelBase {
// always populate the index the last
try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on")?"true":"false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /* For vlvtask, we need to check if the task has
- been completed or not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[])null);
- if (task != null) {
- LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues().nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
- }
- }
+ CMS.debug("Populating local indexes");
+ LDAPConnection conn = getLocalLDAPConn(context,
+ (secure.equals("on") ? "true" : "false"));
+ importLDIFS("preop.internaldb.post_ldif", conn);
+
+ /* For vlvtask, we need to check if the task has
+ been completed or not. Presence of nsTaskExitCode means task is complete
+ */
+ String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+ if (!wait_dn.equals("")) {
+ int i = 0;
+ LDAPEntry task = null;
+ boolean taskComplete = false;
+ CMS.debug("Checking wait_dn " + wait_dn);
+ do {
+ Thread.sleep(1000);
+ try {
+ task = conn.read(wait_dn, (String[]) null);
+ if (task != null) {
+ LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
+ if (attr != null) {
+ taskComplete = true;
+ String val = (String) attr.getStringValues().nextElement();
+ if (val.compareTo("0") != 0) {
+ CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
+ }
+ }
+ }
+ } catch (LDAPException le) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
+ } catch (Exception e) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
+ }
+ } while ((!taskComplete) && (i < 20));
+ if (i < 20) {
+ CMS.debug("Done checking wait_dn " + wait_dn);
+ } else {
+ CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- }
- conn.disconnect();
- CMS.debug("Done populating local indexes");
+ conn.disconnect();
+ CMS.debug("Done populating local indexes");
} catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
+ CMS.debug("Populating index failure - " + e);
}
// setup replication after indexes have been created
if (select.equals("clone")) {
CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+ setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
CMS.debug("Finish setting up replication.");
try {
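Review bot: The wait loop's timeout can never fire: `i` is initialised to 0 and tested in `while ((!taskComplete) && (i < 20))`, but nothing in the loop body increments it, so if `nsTaskExitCode` never appears the request thread sleeps and polls indefinitely and the `"due to timeout"` branch is unreachable. Adding `i++;` right after `Thread.sleep(1000);` restores the intended 20-attempt bound. A non-zero `nsTaskExitCode` is only written to the debug log; if a failed index task should stop configuration, it needs to be raised to the caller. `conn.disconnect()` also sits inside the `try`, so the connection stays open whenever an exception is thrown before it; a `finally` block would fix that. The enclosing method starts and ends outside the hunk.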
@@ -1048,25 +1045,24 @@ public class DatabasePanel extends WizardPanelBase {
}
}
-
if (hasErr == false) {
- cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ cs.putBoolean("preop.Database.done", true);
+ try {
+ cs.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "DatabasePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
context.put("updateStatus", "success");
}
private void setupReplication(HttpServletRequest request,
- Context context, String secure, String cloneStartTLS) throws IOException {
+ Context context, String secure, String cloneStartTLS) throws IOException {
String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
-
+
String cstype = "";
String machinename = "";
String instanceId = "";
@@ -1078,13 +1074,12 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
-
//setup replication agreement
- String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+ String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+ String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
+
try {
cs.commit(false);
} catch (Exception e) {
@@ -1119,18 +1114,18 @@ public class DatabasePanel extends WizardPanelBase {
master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
} catch (Exception e) {
}
-
+
LDAPConnection conn1 = null;
LDAPConnection conn2 = null;
if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+ conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+ conn1 = new LDAPConnection();
+ conn2 = new LDAPConnection();
+ }
String basedn = "";
try {
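Review bot: In the `else` branch `conn1` and `conn2` are plain `LDAPConnection()` objects, and the next hunk binds them with `conn1.connect(master1_hostname, master1_port, master1_binddn, master1_bindpwd)`, so when `secure` is not "true" the bind DNs and passwords for both directory servers are sent unencrypted. As far as this hunk shows, the `cloneStartTLS` argument is not consulted when these two connections are created. I would add a comment on the branch, e.g. `// plaintext LDAP: bind credentials are sent unencrypted; only for hosts on a trusted network`, and consider whether the StartTLS choice should apply here too. The empty `catch (Exception e) { }` at the top of the hunk leaves `master2_replicationpwd` at its previous value without any log line. setupReplication starts and ends outside the hunk.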
@@ -1140,13 +1135,13 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
+ master1_bindpwd);
conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
+ master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
- String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+ String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
+ CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
String masterBindUser = "Replication Manager " + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
@@ -1168,16 +1163,16 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn1, masterAgreementName,
+ master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+ master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
// initialize consumer
initializeConsumer(replicadn, conn1, masterAgreementName);
- while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (!replicationDone(replicadn, conn1, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
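Review bot: `while (!replicationDone(replicadn, conn1, masterAgreementName))` has no upper bound, so a consumer initialisation that never clears `nsds5beginreplicarefresh` keeps the wizard request thread polling once a second indefinitely. A bounded wait, with a counter checked in the loop condition and an `IOException` thrown once it is exceeded, would let the panel report the failure instead of hanging. The `try` that encloses this code starts outside the hunk.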
@@ -1185,12 +1180,12 @@ public class DatabasePanel extends WizardPanelBase {
String status = replicationStatus(replicadn, conn1, masterAgreementName);
if (!status.startsWith("0 ")) {
CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
- status);
+ status);
throw new IOException("consumer initialization failed. " + status);
- }
+ }
} catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: "+e.toString());
+ CMS.debug("DatabasePanel setupReplication: " + e.toString());
throw new IOException("Failed to setup the replication for cloning.");
}
}
@@ -1203,15 +1198,15 @@ public class DatabasePanel extends WizardPanelBase {
Context context) {
try {
- initParams(request, context);
- } catch (IOException e) {
+ initParams(request, context);
+ } catch (IOException e) {
}
context.put("title", "Database");
context.put("panel", "admin/console/config/databasepanel.vm");
}
private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=" + bindUser + ",cn=config";
@@ -1231,11 +1226,11 @@ public class DatabasePanel extends WizardPanelBase {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationManager: " + ee.toString());
}
return;
} else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString());
throw e;
}
}
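Review bot: In the `ENTRY_ALREADY_EXISTS` path the existing replication manager entry is deleted and re-added, but the inner `catch (LDAPException ee)` only logs and the method then returns normally. If `conn.delete(dn)` succeeds and `conn.add(entry)` fails, the bind entry is gone and the caller continues as though it existed. Rethrowing after the log line (`throw ee;`, as createReplicationAgreement does for the same pattern) would surface that. The start of the `try` and the construction of `entry` are outside the hunk.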
@@ -1244,7 +1239,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=changelog5,cn=config";
@@ -1259,17 +1254,17 @@ public class DatabasePanel extends WizardPanelBase {
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
- }
-*/
+ /* leave it, dont delete it because it will have operation error
+ try {
+ conn.delete(dn);
+ conn.add(entry);
+ } catch (LDAPException ee) {
+ CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
+ }
+ */
return;
} else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
throw e;
}
}
@@ -1278,8 +1273,8 @@ public class DatabasePanel extends WizardPanelBase {
}
private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
- throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+ throws LDAPException {
+ CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
try {
@@ -1290,7 +1285,7 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1300,47 +1295,47 @@ public class DatabasePanel extends WizardPanelBase {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
/* BZ 470918 -we cant just add the new dn. We need to do a replace instead
* until the DS code is fixed */
- CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-
+ CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used");
+
try {
entry = conn.read(replicadn);
LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue( "cn=" + bindUser + ",cn=config");
+ attr.addValue("cn=" + bindUser + ",cn=config");
LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- +replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to modify "
+ + replicadn + " entry. Exception: " + e.toString());
}
return id;
} else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString());
return id;
}
}
- CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+ CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry.");
return id + 1;
}
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost, int replicaport,
- String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+ private void createReplicationAgreement(String replicadn,
+ LDAPConnection conn, String name, String replicahost, int replicaport,
+ String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
+ "nsds5replicationagreement"));
attrs.add(new LDAPAttribute("cn", name));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
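Review bot: The inner `catch (LDAPException ee)` in enableReplication logs `e.toString()`, the original ENTRY_ALREADY_EXISTS exception, instead of `ee.toString()`, so the reason the `conn.modify(replicadn, mod)` fallback failed never reaches the log; the argument should be `ee.toString()`. The same block dereferences the result of `entry.getAttribute("nsDS5ReplicaBindDN")` without a null check, and a missing attribute would raise a NullPointerException that neither catch handles. Both failure paths still `return id`, so the caller cannot tell a failed replica setup from an already-configured one. In createReplicationAgreement, which begins in this hunk and continues past it, `replicapwd` is stored in `nsds5replicacredentials` with `nsDS5ReplicaBindMethod` set to `Simple`; whether the agreement's transport is encrypted depends on code outside the hunk.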
@@ -1351,50 +1346,50 @@ public class DatabasePanel extends WizardPanelBase {
}
CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description",name));
+ attrs.add(new LDAPAttribute("description", name));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+ CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used");
try {
conn.delete(dn);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
throw ee;
}
try {
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
throw ee;
}
} else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString());
throw e;
}
}
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+ CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name);
}
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+ private void initializeConsumer(String replicadn, LDAPConnection conn,
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn);
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
try {
LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
+ "start");
LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPModification.REPLACE, attr);
CMS.debug("DatabasePanel initializeConsumer: start modifying");
conn.modify(dn, mod);
CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
} catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString());
return;
} catch (Exception e) {
CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1405,33 +1400,33 @@ public class DatabasePanel extends WizardPanelBase {
Thread.sleep(5000);
CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
} catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+ CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString());
}
CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
}
- private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5beginreplicarefresh"};
+ String[] attrs = { "nsds5beginreplicarefresh" };
- CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+ CMS.debug("DatabasePanel replicationDone: dn: " + dn);
try {
LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true);
+ attrs, true);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
-
+ }
+
LDAPEntry entry = results.next();
LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
if (refresh == null) {
return true;
- }
+ }
return false;
} catch (Exception e) {
CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1439,29 +1434,29 @@ public class DatabasePanel extends WizardPanelBase {
}
}
- private String replicationStatus(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private String replicationStatus(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5replicalastinitstatus"};
+ String[] attrs = { "nsds5replicalastinitstatus" };
String status = null;
- CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+ CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
try {
LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, false);
+ attrs, false);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
+ }
LDAPEntry entry = results.next();
LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
if (attr != null) {
Enumeration valsInAttr = attr.getStringValues();
if (valsInAttr.hasMoreElements()) {
- return (String)valsInAttr.nextElement();
+ return (String) valsInAttr.nextElement();
} else {
throw new IOException("No value returned for nsds5replicalastinitstatus");
}
@@ -1475,35 +1470,35 @@ public class DatabasePanel extends WizardPanelBase {
}
private String getInstanceDir(LDAPConnection conn) {
- String instancedir="";
+ String instancedir = "";
try {
String filter = "(objectclass=*)";
- String[] attrs = {"nsslapd-directory"};
+ String[] attrs = { "nsslapd-directory" };
LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ filter, attrs, false);
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+ CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+ CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName);
Enumeration valsInAttr = nextAttr.getStringValues();
- while ( valsInAttr.hasMoreElements() ) {
- String nextValue = (String)valsInAttr.nextElement();
+ while (valsInAttr.hasMoreElements()) {
+ String nextValue = (String) valsInAttr.nextElement();
if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
- return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+ CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue);
+ return nextValue.substring(0, nextValue.lastIndexOf("/db"));
}
}
}
}
} catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+ CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString());
}
return instancedir;
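Review bot: `nextValue.substring(0, nextValue.lastIndexOf("/db"))` throws StringIndexOutOfBoundsException when the `nsslapd-directory` value contains no `/db`, because `lastIndexOf` then returns -1 and the only handler here is `catch (LDAPException e)`. Guarding the index, e.g. `int idx = nextValue.lastIndexOf("/db"); if (idx >= 0) return nextValue.substring(0, idx);`, lets the method fall through to `return instancedir;` instead. The value is read from the directory server's configuration rather than produced by this class, so it is worth treating as unchecked input. The closing brace of getInstanceDir is outside the hunk.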
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526..c44f6113 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DatabaseServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec..d72984d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Locale;
@@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class DisplayCertChainPanel extends WizardPanelBase {
- public DisplayCertChainPanel() {}
+ public DisplayCertChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
setId(id);
}
-
- public boolean isSubPanel() {
+
+ public boolean isSubPanel() {
return true;
}
@@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
- try {
- String select = cs.getString("securitydomain.select","");
+ try {
+ String select = cs.getString("securitydomain.select", "");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
try {
certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
int size = 0;
Vector v = new Vector();
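Review bot: The `catch (Exception e) { }` around `cs.getString(certChainConfigName, "")` still discards the exception, so a failed config read cannot be told apart from an empty chain. The next hunk (`@@ -140,20 +141,22 @@`) repeats the pattern around `Integer.parseInt(certchain_size)` and around the base64 / `X509CertImpl` decode, where a chain entry that fails to parse is simply left out of the vector that is presumably rendered on the "Security Domain Trust Verification" panel. Since these lines are being rewritten anyway, each handler should at least record the failure, e.g. `CMS.debug("DisplayCertChainPanel: cannot read " + certChainConfigName + ": " + e);`. The enclosing method starts and ends outside both hunks.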
@@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
if (!certchain_size.equals("")) {
try {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
for (int i = 0; i < size; i++) {
certChainConfigName = "preop." + type + ".certchain." + i;
try {
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
CertPrettyPrint pp = new CertPrettyPrint(
- new X509CertImpl(b_c));
+ new X509CertImpl(b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
}
-
+
if (getId().equals("securitydomain")) {
context.put("panelid", "securitydomain");
context.put("panelname", "Security Domain Trust Verification");
@@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
importCertChain(getId());
if (getId().equals("securitydomain")) {
- int panel = getPanelNo()+1;
+ int panel = getPanelNo() + 1;
IConfigStore cs = CMS.getConfigStore();
try {
String sd_hostname = cs.getString("securitydomain.host", "");
@@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase {
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString( "securitydomain.httpport",
- getSecurityDomainPort( cs, "UnSecurePort" ) );
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort( cs, "SecureAgentPort" ) );
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort( cs, "SecurePort" ) );
+ cs.putString("securitydomain.httpport",
+ getSecurityDomainPort(cs, "UnSecurePort"));
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort(cs, "SecureAgentPort"));
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort(cs, "SecurePort"));
} catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+ CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
}
}
context.put("updateStatus", "success");
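Review bot: `context.put("updateStatus", "success")` is reached even when the `try` block above it failed, because `catch (Exception ee)` only writes a debug line. A failure in `URLEncoder.encode`, `sendRedirect` or any of the three `getSecurityDomainPort` calls may therefore leave `securitydomain.httpport`, `securitydomain.httpsagentport` or `securitydomain.httpseeport` unset while the wizard reports success. The handler should record a failure state and return before the success line, e.g. `context.put("updateStatus", "failure"); return;`, assuming `"failure"` is the value the templates expect (it is not visible in this hunk). The method begins outside the hunk.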
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 00871921..3bb8c73c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DisplayServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1..b330b705 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
@@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase {
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
public static final String RESTART_SERVER_AFTER_CONFIGURATION =
- "restart_server_after_configuration";
+ "restart_server_after_configuration";
public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
- public DonePanel() {}
+ public DonePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
setId(id);
@@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
private LDAPConnection getLDAPConn(Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase {
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("DonePanel: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException("DonePanel: Failed to obtain password from password store");
}
try {
@@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
CMS.debug("DonePanel connecting to " + host + ":" + p);
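Review bot: The `else` branch is taken for every value of `security` other than the exact string `"true"`, so `True`, `TRUE` or a value with trailing whitespace silently selects the plain `new LDAPConnection()`. This method fetched the `internaldb` password a few lines earlier, presumably to bind on this connection, so falling back to cleartext should be a deliberate choice. Compare with `security.trim().equalsIgnoreCase("true")`, accept only an explicit `"false"` for the non-SSL branch, and throw the `IOException` the method already declares for anything else. The assignment of `security` and the connect/bind calls are outside the hunk.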
@@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
-
/**
* Display the panel.
*/
@@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase {
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String initDaemon = "";
if (type.equals("CA")) {
- initDaemon = "pki-cad";
+ initDaemon = "pki-cad";
} else if (type.equals("KRA")) {
- initDaemon = "pki-krad";
+ initDaemon = "pki-krad";
} else if (type.equals("OCSP")) {
- initDaemon = "pki-ocspd";
+ initDaemon = "pki-ocspd";
} else if (type.equals("TKS")) {
- initDaemon = "pki-tksd";
+ initDaemon = "pki-tksd";
}
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/bin/systemctl");
- context.put( "instanceId", systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/bin/systemctl");
+ context.put("instanceId", systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
@@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase {
return;
} else
context.put("csstate", "0");
-
+
} catch (Exception e) {
}
@@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase {
String basedn = cs.getString("internaldb.basedn");
String secdomain = cs.getString("securitydomain.name");
- try {
+ try {
// Create security domain ldap entry
String dn = "ou=Security Domain," + basedn;
CMS.debug("DonePanel: creating ldap entry : " + dn);
-
+
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
@@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase {
throw e;
}
- try {
+ try {
// create list containers
- String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
- for (int i=0; i< clist.length; i++) {
+ String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
+ for (int i = 0; i < clist.length; i++) {
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
@@ -320,9 +319,9 @@ public class DonePanel extends WizardPanelBase {
conn.add(entry);
}
} catch (Exception e) {
- CMS.debug("Unable to create security domain list groups" );
+ CMS.debug("Unable to create security domain list groups");
throw e;
- }
+ }
try {
// Add this host (only CA can create new domain)
@@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("SecureAdminPort",
ownadminsport));
if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
+ attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+ owneeclientauthsport));
}
attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,28 +356,29 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel display: finish updating domain info");
conn.disconnect();
} catch (Exception e) {
- CMS.debug("DonePanel display: "+e.toString());
+ CMS.debug("DonePanel display: " + e.toString());
}
int sd_admin_port_int = -1;
try {
- sd_admin_port_int = Integer.parseInt( sd_admin_port );
+ sd_admin_port_int = Integer.parseInt(sd_admin_port);
} catch (Exception e) {
}
try {
// Fetch the "new" security domain and display it
- CMS.debug( "Dump contents of new Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
- } catch( Exception e ) {}
+ CMS.debug("Dump contents of new Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
+ } catch (Exception e) {
+ }
// Since this instance is a new Security Domain,
// create an empty file to designate this fact.
String security_domain = instanceRoot + "/conf/"
+ PKI_SECURITY_DOMAIN;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + security_domain );
- Utils.exec( "chmod 00660 " + security_domain );
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + security_domain);
+ Utils.exec("chmod 00660 " + security_domain);
}
} else { //existing domain
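Review bot: `Utils.exec("touch " + security_domain)` and the following `chmod 00660` build a command line by concatenating `instanceRoot`, a configuration value, and neither call's result is checked. Depending on how `Utils.exec` tokenises its argument (not visible here), a path containing whitespace is split into several arguments, and in any case the file exists with umask-default permissions until the second command has run. Creating the marker in-process avoids both, e.g. `new java.io.File(security_domain).createNewFile();` followed by explicit permission calls with the return values checked. The same pair appears for `restart_server` in hunk `@@ -581,9 +586,9 @@`.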
@@ -398,31 +398,31 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=false";
String domainMasterStr = "";
- if (cloneMaster)
+ if (cloneMaster)
domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
+ else
+ domainMasterStr = "&dm=false";
String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr="&eeclientauthsport=" + owneeclientauthsport;
+ if (owneeclientauthsport != null)
+ eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
- updateDomainXML( sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML",
+ updateDomainXML(sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML",
"list=" + s
- + "&type=" + type
- + "&host=" + ownhost
- + "&name=" + subsystemName
- + "&sport=" + ownsport
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + ownagentsport
- + "&adminsport=" + ownadminsport
- + eecaStr
- + "&httpport=" + ownport );
+ + "&type=" + type
+ + "&host=" + ownhost
+ + "&name=" + subsystemName
+ + "&sport=" + ownsport
+ + domainMasterStr
+ + cloneStr
+ + "&agentsport=" + ownagentsport
+ + "&adminsport=" + ownadminsport
+ + eecaStr
+ + "&httpport=" + ownport);
// Fetch the "updated" security domain and display it
- CMS.debug( "Dump contents of updated Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ CMS.debug("Dump contents of updated Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
} catch (Exception e) {
context.put("errorString", "Failed to update the security domain on the domain master.");
//return;
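Review bot: The query string passed to `updateDomainXML` concatenates `type`, `ownhost`, `subsystemName` and the port values without URL-encoding them. A subsystem name containing `&`, `=` or `#` would add or override parameters in the request sent to the domain master's `/ca/agent/ca/updateDomainXML` endpoint. The file already imports `java.net.URLEncoder`, so each value can be wrapped, e.g. `+ "&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. The `content` strings built in `@@ -661,7 +664,7 @@` (`ocsp_host`) and `@@ -757,21 +760,21 @@` (`ca.connector.KRA.host`, `ca.connector.KRA.port`) have the same gap. The surrounding `try` starts outside this hunk.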
@@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
}
-
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
@@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase {
setupClientAuthUser();
}
-
+
if (!select.equals("clone")) {
if (type.equals("CA") || type.equals("KRA")) {
String beginRequestNumStr = "";
@@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase {
String endSerialNumStr = "";
String requestIncStr = "";
String serialIncStr = "";
-
+
try {
endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -495,22 +494,22 @@ public class DonePanel extends WizardPanelBase {
serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
} else {
serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
- conn.modify( serialdn, serialmod );
+ }
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
+ LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
+ conn.modify(serialdn, serialmod);
String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
- conn.modify( requestdn, requestmod );
+ LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
+ LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
+ conn.modify(requestdn, requestmod);
- conn.disconnect();
+ conn.disconnect();
} catch (Exception e) {
CMS.debug("Unable to update global next range numbers: " + e);
- }
+ }
}
- }
+ }
if (cloneMaster) {
// cloning a domain master CA, the clone is also master of its domain
@@ -550,24 +549,30 @@ public class DonePanel extends WizardPanelBase {
// more cloning variables needed for non-ca clones
- if (! type.equals("CA")) {
+ if (!type.equals("CA")) {
String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.hostname", val);
val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpport", val);
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+ val = cs.getString("preop.ca.httpsport", "");
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpsport", val);
val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.list", val);
val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.pkcs7", val);
val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.type", val);
}
// save EC type for sslserver cert (if present)
@@ -581,9 +586,9 @@ public class DonePanel extends WizardPanelBase {
// been restarted!
String restart_server = instanceRoot + "/conf/"
+ RESTART_SERVER_AFTER_CONFIGURATION;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + restart_server );
- Utils.exec( "chmod 00660 " + restart_server );
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + restart_server);
+ Utils.exec("chmod 00660 " + restart_server);
}
} catch (Exception e) {
@@ -593,13 +598,12 @@ public class DonePanel extends WizardPanelBase {
context.put("csstate", "1");
}
- private void setupClientAuthUser()
- {
+ private void setupClientAuthUser() {
IConfigStore cs = CMS.getConfigStore();
// retrieve CA subsystem certificate from the CA
IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String id = "";
try {
String b64 = getCASubsystemCert();
@@ -640,9 +644,8 @@ public class DonePanel extends WizardPanelBase {
}
}
-
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
+ private void updateOCSPConfig(HttpServletResponse response)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String cahost = "";
int caport = -1;
@@ -661,7 +664,7 @@ public class DonePanel extends WizardPanelBase {
int ocspport = Integer.parseInt(CMS.getAgentPort());
int ocspagentport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+ String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
updateOCSPConfig(cahost, caport, true, content, response);
}
@@ -675,7 +678,7 @@ public class DonePanel extends WizardPanelBase {
if (b64.equals(""))
throw new IOException("Failed to get certificate chain.");
-
+
try {
// this could be a chain
X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
@@ -686,9 +689,9 @@ public class DonePanel extends WizardPanelBase {
} else {
leafCert = certs[0];
}
-
- IOCSPAuthority ocsp =
- (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+ IOCSPAuthority ocsp =
+ (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
IDefStore defStore = ocsp.getDefaultStore();
// (1) need to normalize (sort) the chain
@@ -696,9 +699,9 @@ public class DonePanel extends WizardPanelBase {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
+ MINUS_ONE, null, null);
try {
rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
@@ -748,7 +751,7 @@ public class DonePanel extends WizardPanelBase {
}
private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -757,21 +760,21 @@ public class DonePanel extends WizardPanelBase {
try {
url = cs.getString("preop.ca.url", "");
if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
+ host = cs.getString("preop.ca.hostname", "");
+ port = cs.getInteger("preop.ca.httpsadminport", -1);
+ transportCert = cs.getString("kra.transport.cert", "");
}
} catch (Exception e) {
}
if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+ CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
} else {
- CMS.debug("DonePanel: Transport certificate is being setup in " + url);
- String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
+ CMS.debug("DonePanel: Transport certificate is being setup in " + url);
+ String session_id = CMS.getConfigSDSessionId();
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id;
- updateConnectorInfo(host, port, true, content);
+ updateConnectorInfo(host, port, true, content);
}
}
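Review bot: `URLEncoder.encode(transportCert)` is the deprecated one-argument overload, which encodes with the platform default charset rather than a fixed one. DisplayCertChainPanel in this same commit already uses the explicit form, so this call should match it: `URLEncoder.encode(transportCert, "UTF-8")`. The enclosing `updateConnectorInfo` declares `IOException`, which covers the `UnsupportedEncodingException` the two-argument form can throw.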
@@ -802,12 +805,14 @@ public class DonePanel extends WizardPanelBase {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException {}
+ Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {/* This should never be called */}
+ Context context) {/* This should never be called */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a..094aa716 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
mRenderResult = false;
// check the pin from the session
- String pin = (String)httpReq.getSession().getAttribute("pin");
+ String pin = (String) httpReq.getSession().getAttribute("pin");
if (pin == null) {
CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,16 +102,17 @@ public class DownloadPKCS12 extends CMSServlet {
httpResp.getOutputStream().write(pkcs12);
return;
} catch (Exception e) {
- CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+ CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c..6c286e81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetCertChain extends CMSServlet {
/**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,12 @@ public class GetCertChain extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,7 +95,7 @@ public class GetCertChain extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
- e.toString()));
+ e.toString()));
outputError(httpResp,
"Error: Failed to encode the certificate chain");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b46..1ff06416 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,12 @@ public class GetConfigEntries extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +86,12 @@ public class GetConfigEntries extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetConfigEntries authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
- }
+ }
// Construct an ArgBlock
IArgBlock args = cmsReq.getHttpParams();
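Review bot: An authentication failure is logged here under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error. Failed authentications against this servlet will therefore not appear where someone filtering the log for auth failures would look. The authorization handlers in the next hunk use `ADMIN_SRVLT_AUTH_FAILURE`, and the same key fits here: `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`. `process` starts before this hunk and continues past it.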
@@ -104,32 +106,32 @@ public class GetConfigEntries extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetConfigEntries process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
"read");
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
+ outputError(httpResp,
"Error: Encountered problem during authorization.");
- return;
+ return;
}
if (authzToken == null) {
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
}
if (op != null) {
@@ -140,9 +142,9 @@ public class GetConfigEntries extends CMSServlet {
String name1 = t.nextToken();
IConfigStore cs = config.getSubStore(name1);
Enumeration enum1 = cs.getPropertyNames();
-
+
while (enum1.hasMoreElements()) {
- String name = name1+"."+enum1.nextElement();
+ String name = name1 + "." + enum1.nextElement();
try {
String value = config.getString(name);
Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +173,10 @@ public class GetConfigEntries extends CMSServlet {
value = getLDAPPassword();
} else if (name.equals("internaldb.replication.password")) {
value = getReplicationPassword();
- } else
+ } else
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
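Review bot: The branch that calls `getLDAPPassword()` and `getReplicationPassword()` puts cleartext directory credentials into the XML response, and nothing at this point in the code says so. A comment above the branch would help the next maintainer, for example `// Returns cleartext secrets: only reached after authenticate() and authorize(..., "read") succeeded above.` Whether this access is also written to the signed audit log cannot be seen from this hunk; if it is not, that is worth adding. The enclosing loop starts outside the hunk.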
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79..2c9cc41f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
public class GetCookie extends CMSServlet {
/**
@@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public GetCookie() {
super();
@@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet {
mRandom = new Random();
mErrorFormPath = sc.getInitParameter("errorTemplatePath");
if (mOutputTemplatePath != null) {
- mFormPath = mOutputTemplatePath;
+ mFormPath = mOutputTemplatePath;
}
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet {
}
IArgBlock header = CMS.createArgBlock();
- IArgBlock ctx = CMS.createArgBlock();
+ IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
CMSTemplate form = null;
Locale[] locale = new Locale[1];
String url = httpReq.getParameter("url");
- CMS.debug("GetCookie before auth, url ="+url);
+ CMS.debug("GetCookie before auth, url =" + url);
String url_e = "";
URL u = null;
try {
@@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet {
u = new URL(url_e);
} catch (Exception eee) {
throw new ECMSGWException(
- "GetCookie missing parameter: url");
+ "GetCookie missing parameter: url");
}
int index2 = url_e.indexOf("subsystem=");
String subsystem = "";
if (index2 > 0) {
- subsystem = url.substring(index2+10);
+ subsystem = url.substring(index2 + 10);
int index1 = subsystem.indexOf("&");
if (index1 > 0)
subsystem = subsystem.substring(0, index1);
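Review bot: `index2` is found in `url_e` but then used to slice the raw parameter in `subsystem = url.substring(index2 + 10);`, so the offset is applied to a different string from the one that was searched. `url_e` is assigned just above the hunk and is presumably the decoded form of `url`; whenever the two differ in length before `subsystem=`, the result is a wrong subsystem name or a `StringIndexOutOfBoundsException`. That name is later passed to `getGroupName` to choose the group recorded for the session. Slice the string that was searched: `subsystem = url_e.substring(index2 + 10);`. The enclosing `process` method starts and ends outside this hunk.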
@@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetCookie authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
header.addStringValue("sd_uid", "");
header.addStringValue("sd_pwd", "");
header.addStringValue("host", u.getHost());
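Review bot: The authentication failure in this `catch` is logged under the `CMSGW_ERR_BAD_SERV_OUT_STREAM` message key, which by its name describes an output-stream problem, so failed authentications on this endpoint will be hard to find in the system log. The authorization handlers elsewhere in this commit use `ADMIN_SRVLT_AUTH_FAILURE`, and the same key would fit here: `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`. The GetTransportCert authentication hunk (`@@ -86,9 +86,9 @@`) has the same pattern. The text behind either key is not visible on this page, so confirm the wording in the message catalogue.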
@@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet {
form = getTemplate(mErrorFormPath, httpReq, locale);
} catch (IOException eee) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
- }
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
+ }
- if( form == null ) {
+ if (form == null) {
CMS.debug("GetCookie::process() - form is null!");
- throw new EBaseException( "form is null" );
+ throw new EBaseException("form is null");
}
try {
@@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException ee) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
- }
+ }
String cookie = "";
String auditMessage = "";
-
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
@@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet {
// assign cookie
long num = mRandom.nextLong();
- cookie = num+"";
+ cookie = num + "";
ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
String addr = "";
try {
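Review bot: The value issued as the security-domain session cookie is `mRandom.nextLong()`, and `init` creates `mRandom` with `new Random()`. If that is `java.util.Random` (the field declaration and imports are outside the hunks shown), the generator is not designed to be unpredictable. The value is registered in the session table in the next hunk and identifies an authenticated administrator's session, so it should come from a CSPRNG: `mRandom = new SecureRandom();` in `init`, with `import java.security.SecureRandom;`. `SecureRandom` extends `Random`, so the field type and the `nextLong()` call can stay as they are.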
@@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet {
ip = InetAddress.getByName(addr).toString();
int index = ip.indexOf("/");
if (index > 0)
- ip = ip.substring(index+1);
+ ip = ip.substring(index + 1);
} catch (Exception e) {
}
- String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+ String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
"+uid;;" + uid + "+groupname;;" + groupname;
int status = ctable.addEntry(cookie, ip, uid, groupname);
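Review bot: `auditParams` embeds the freshly issued `cookie` in clear after `token;;`, so anyone who can read the audit log obtains a session value that is presumably still valid in the session table. Recording a truncated digest of the token, or omitting it and relying on `uid`, `ip` and `groupname`, keeps the record useful for correlation without storing a usable secret. Separately, the empty `catch (Exception e) { }` above makes a failed address lookup silent, and the entry is added with whatever `ip` held before. A `CMS.debug` line in that handler would make the failure visible.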
@@ -232,18 +233,18 @@ public class GetCookie extends CMSServlet {
}
try {
- String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+ String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort();
if (!url.startsWith("$")) {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
header.addStringValue("url", url);
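Review bot: `url` comes from the request parameter and is put into the template with `header.addStringValue("url", url);` after no check other than the earlier `new URL(...)` parse and the `startsWith("$")` test seen here. If the template uses this value as the target to which the browser carries the new session cookie, the destination is chosen by the caller rather than by the security domain. The template and the lines that add the cookie are outside this hunk, so that needs confirming. Comparing the parsed host and port against the subsystems registered in the security domain before rendering, and escaping the value for HTML output, would close that gap. The enclosing `try` continues past the end of the hunk.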
@@ -254,13 +255,13 @@ public class GetCookie extends CMSServlet {
ServletOutputStream out = httpResp.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- httpResp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ httpResp.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
} catch (Exception e) {
@@ -278,25 +279,25 @@ public class GetCookie extends CMSServlet {
private String getGroupName(String uid, String subsystemname) {
String groupname = "";
- IUGSubsystem subsystem =
- (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
- subsystemname.equals("CA")) {
+ IUGSubsystem subsystem =
+ (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
+ subsystemname.equals("CA")) {
return "Enterprise CA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
- subsystemname.equals("KRA")) {
+ subsystemname.equals("KRA")) {
return "Enterprise KRA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
- subsystemname.equals("OCSP")) {
+ subsystemname.equals("OCSP")) {
return "Enterprise OCSP Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
- subsystemname.equals("TKS")) {
+ subsystemname.equals("TKS")) {
return "Enterprise TKS Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
- subsystemname.equals("RA")) {
+ subsystemname.equals("RA")) {
return "Enterprise RA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
- subsystemname.equals("TPS")) {
+ subsystemname.equals("TPS")) {
return "Enterprise TPS Administrators";
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e..04d88dba 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetDomainXML extends CMSServlet {
/**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class GetDomainXML extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
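Review bot: The Javadoc on `process` still lists the `op` values 'downloadBIN' and 'displayIND' and talks about a certificate chain, which looks copied from another servlet. Nothing in the visible hunks of GetDomainXML reads an `op` parameter. The GetTokenInfo `process` Javadoc (`@@ -60,11 +61,12 @@`) carries the same list. Since the commit already touches these comments, replace the list with a sentence such as `Returns the security domain information (from LDAP or conf/domain.xml) as an XML response.` and describe GetTokenInfo's output likewise.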
@@ -95,8 +95,7 @@ public class GetDomainXML extends CMSServlet {
try {
secstore = cs.getString("securitydomain.store");
basedn = cs.getString("internaldb.basedn");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
}
@@ -129,7 +128,7 @@ public class GetDomainXML extends CMSServlet {
// this should return CAList, KRAList etc.
LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
+ attrs, true, cons);
while (res.hasMoreElements()) {
int count = 0;
@@ -137,10 +136,10 @@ public class GetDomainXML extends CMSServlet {
String listName = dn.substring(3, dn.indexOf(","));
String subType = listName.substring(0, listName.indexOf("List"));
Node listNode = xmlObj.createContainer(domainInfo, listName);
-
+
filter = "objectclass=pkiSubsystem";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, false, cons);
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, false, cons);
while (res2.hasMoreElements()) {
Node node = xmlObj.createContainer(listNode, subType);
LDAPEntry entry = res2.next();
@@ -149,32 +148,29 @@ public class GetDomainXML extends CMSServlet {
while (attrsInSet.hasMoreElements()) {
LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
String attrName = nextAttr.getName();
- if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+ if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) {
String attrValue = (String) nextAttr.getStringValues().nextElement();
xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
}
}
- count ++;
- }
+ count++;
+ }
xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
}
// Add new xml object as string to response.
response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
status = FAILED;
- }
- finally {
- if ((conn != null) && (connFactory!= null)) {
+ } finally {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
}
- }
- else {
- // get data from file store
+ } else {
+ // get data from file store
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
@@ -194,10 +190,9 @@ public class GetDomainXML extends CMSServlet {
CMS.debug("GetDomainXML: Done Reading domain.xml...");
response.addItemToContainer(root, "DomainInfo", new String(buf));
- }
- catch (Exception e) {
- CMS.debug("Failed to read domain.xml from file" + e.toString());
- status = FAILED;
+ } catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file" + e.toString());
+ status = FAILED;
}
}
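Review bot: `new String(buf)` decodes domain.xml with the platform default charset, so the XML returned to other subsystems depends on the JVM's locale settings. If the file is written as UTF-8 (not visible here), name the charset: `new String(buf, "UTF-8")`. The `try` that reads the file begins above the hunk, so whether the stream is closed on the failure path cannot be checked from these lines.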
@@ -211,16 +206,19 @@ public class GetDomainXML extends CMSServlet {
}
protected String securityDomainLDAPtoXML(String attribute) {
- if (attribute.equals("host")) return "Host";
- else return attribute;
+ if (attribute.equals("host"))
+ return "Host";
+ else
+ return attribute;
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1..28279f04 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetStatus extends CMSServlet {
/**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String outputString = null;
- String state = config.getString("cs.state", "");
- String type = config.getString("cs.type", "");
+ String state = config.getString("cs.state", "");
+ String type = config.getString("cs.type", "");
try {
XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index c1bf138e..7beda662 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetSubsystemCert extends CMSServlet {
/**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("GetSubsystemCert process: nickname="+nickname);
+ CMS.debug("GetSubsystemCert process: nickname=" + nickname);
String s = "";
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
-
+
if (cert == null) {
CMS.debug("GetSubsystemCert process: subsystem cert is null");
outputError(httpResp, "Error: Failed to get subsystem certificate.");
@@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet {
byte[] bytes = cert.getEncoded();
s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
} catch (Exception e) {
- CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+ CMS.debug("GetSubsystemCert process: exception: " + e.toString());
}
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af0740..4d11af8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,12 @@ public class GetTokenInfo extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +80,8 @@ public class GetTokenInfo extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetTokenInfo process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +99,7 @@ public class GetTokenInfo extends CMSServlet {
String name = t1.nextToken();
if (name.equals("sslserver"))
continue;
- name = "cloning."+name+".nickname";
+ name = "cloning." + name + ".nickname";
String value = "";
try {
@@ -105,7 +107,7 @@ public class GetTokenInfo extends CMSServlet {
} catch (Exception ee) {
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a..ae55d2fb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
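Review bot: The first debug line of `GetTransportCert.process` reads `CMS.debug("UpdateUpdater: processing...");`, which names a different servlet. Someone tracing a request through the debug log would look for the wrong component; it should read `CMS.debug("GetTransportCert: processing...");`. The method body continues outside the hunk.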
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
CMS.debug("GetTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("GetTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
CMS.debug("GetTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet {
IKeyRecoveryAuthority kra =
(IKeyRecoveryAuthority) mAuthority;
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert =
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ org.mozilla.jss.crypto.X509Certificate transportCert =
tu.getCertificate();
- String mime64 = "";
+ String mime64 = "";
try {
mime64 = CMS.BtoA(transportCert.getEncoded());
mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
- } catch (CertificateEncodingException eee) {
+ } catch (CertificateEncodingException eee) {
CMS.debug("GetTransportCert: Failed to encode certificate");
- }
+ }
// send success status back to the requestor
try {
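Review bot: When `transportCert.getEncoded()` throws, the `catch (CertificateEncodingException eee)` only writes a debug line, and execution continues to the block commented as sending success status with `mime64` still empty. A caller would then receive a success response carrying no certificate. Failing the request in the handler avoids that, for example `outputError(httpResp, "Error: Failed to encode transport certificate"); return;`. The response code itself is outside the hunk, so confirm what it sends for an empty `mime64`.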
@@ -154,12 +154,13 @@ public class GetTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb7..9044dec0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class HierarchyPanel extends WizardPanelBase {
- public HierarchyPanel() {}
+ public HierarchyPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
setId(id);
@@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase {
null);
if (s != null && s.equals("clone")) {
// mark this panel as done
- c.putString("preop.hierarchy.select","root");
- c.putString("hierarchy.select","Clone");
+ c.putString("preop.hierarchy.select", "root");
+ c.putString("hierarchy.select", "Clone");
return true;
}
} catch (EBaseException e) {
@@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
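Review bot: The `catch (EBaseException e)` that this hunk spreads over two lines is still empty, so a config-store error here ends in `return false` with nothing logged. The same empty handler is re-wrapped after `config.commit(false)` in the `@@ -163,16 +164,17 @@` hunk, where a failed commit means the hierarchy choice is not persisted. It is also re-wrapped after the config reads in ImportAdminCertPanel and ImportCAChainPanel. At minimum log the exception, as the display code in this file does: `CMS.debug("HierarchyPanel: " + e.toString());`. The method this handler belongs to starts above the hunk.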
@@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s.equals("root")) {
context.put("check_root", "checked");
} else if (s.equals("join")) {
- context.put("check_join", "checked");
+ context.put("check_join", "checked");
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase {
}
if (select.equals("root")) {
- config.putString("preop.hierarchy.select", "root");
- config.putString("hierarchy.select", "Root");
+ config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
- config.putString("hierarchy.select", "Subordinate");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b..9a220032 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
@@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class ImportAdminCertPanel extends WizardPanelBase {
- public ImportAdminCertPanel() {}
+ public ImportAdminCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
setId(id);
@@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
String serialno = cs.getString("preop.admincert.serialno.0");
-
+
context.put("serialNumber", serialno);
} catch (Exception e) {
context.put("errorString", "Failed to get serial number.");
@@ -135,7 +136,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
// to security domain host.
caHost = cs.getString("securitydomain.host", "");
caPort = cs.getString("securitydomain.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else if (type.equals("sdca")) {
try {
// this is a non-CA system that submitted its certs to a CA
@@ -143,7 +145,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
// request for the admin cert to this CA
caHost = cs.getString("preop.ca.hostname", "");
caPort = cs.getString("preop.ca.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
} else {
// for CAs, we always generate our own admin certs
@@ -151,7 +154,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
caHost = cs.getString("service.machineName", "");
caPort = cs.getString("pkicreate.admin_secure_port", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String pkcs7 = "";
@@ -192,12 +196,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
subsystemtype = cs.getString("cs.type", "");
security_domain_type = cs.getString("securitydomain.select", "");
selected_hierarchy = cs.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
ICertificateAuthority.ID);
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -207,17 +212,17 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
// REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
+ if (ca != null) {
String serialno = null;
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ "Root CA subsystem - "
- + "(new Security Domain)" );
+ + "(new Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ "Subordinate CA subsystem - "
- + "(new Security Domain)" );
+ + "(new Security Domain)");
}
try {
@@ -234,35 +239,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
certs[0] = repost.getX509Certificate(
new BigInteger(serialno, 16));
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
} else {
String dir = null;
// REMINDER: This panel is NOT used by "clones"
- if( subsystemtype.equals( "CA" ) ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
+ if (subsystemtype.equals("CA")) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ "Root CA subsystem - "
- + "(existing Security Domain)" );
+ + "(existing Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ "Subordinate CA subsystem - "
- + "(existing Security Domain)" );
+ + "(existing Security Domain)");
}
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ subsystemtype
- + " subsystem" );
+ + " subsystem");
}
try {
- dir = cs.getString("preop.admincert.b64", "");
+ dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
try {
BufferedReader reader = new BufferedReader(
- new FileReader(dir));
+ new FileReader(dir));
String b64 = "";
StringBuffer sb = new StringBuffer();
@@ -289,7 +296,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
user.setX509Certificates(certs);
ug.addUserCert(user);
} catch (LDAPException e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString());
if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
context.put("updateStatus", "failure");
throw new IOException(e.toString());
@@ -312,7 +319,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -322,7 +329,6 @@ public class ImportAdminCertPanel extends WizardPanelBase {
return false;
}
-
/**
* If validiate() returns false, this method will be called.
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0..a26b2dc2 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class ImportCAChainPanel extends WizardPanelBase {
- public ImportCAChainPanel() {}
+ public ImportCAChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
setId(id);
@@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
} catch (EBaseException e) {
- CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
+ CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
context.put("errorString", "Error loading values for Import CA Certificate Panel");
}
@@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase {
Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
-
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
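Review bot: The `catch (EBaseException e)` at the end of this hunk is still empty after the reformat, so a failed `cs.getString(...)` skips the remaining `context.put` calls and nothing is logged. The handler in the earlier hunk of this file (`@@ -89,7 +89,7 @@`) logs and sets `errorString` in the same situation; doing the same here, e.g. `CMS.debug("ImportCAChainPanel: Exception: " + e.toString());`, would keep the failure visible. The same reformatted empty catch appears in ModulePanel.java (`@@ -235,7 +236,8 @@`) and NamePanel.java (`@@ -142,7 +142,8 @@`, `@@ -302,7 +303,8 @@`), the last of which hides a failed `config.commit(false)`. The enclosing method starts outside the hunk.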
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..3b8f3b81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
CMS.debug("ImportTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
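Review bot: The authentication-failure branch logs under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error rather than a failed login, so failed authentications against this servlet may be hard to find in the logs. The authorization handlers in the next hunk use `ADMIN_SRVLT_AUTH_FAILURE`; using `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())` here would make both failure paths searchable under one key. The message catalogue is not visible from this hunk, so confirm the key's parameters before switching. `process` continues outside the hunk.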
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("ImportTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
String certsString = httpReq.getParameter("certificate");
try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert =
- cm.importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert =
+ cm.importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
CMS.debug("ImportTransportCert: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
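Review bot: `certsString` comes straight from the `certificate` request parameter and is handed to `CMS.AtoB` and `importCACertPackage` with no check that it is present, and `cert.getNickname()` is called without a null check on `cert`. A guard before the `try`, such as `if (certsString == null || certsString.isEmpty()) { outputError(httpResp, "Error: missing certificate"); return; }`, would reject the request with a clear error instead of relying on whatever the catch outside this hunk does. The import also rewrites `tks.drm_transport_cert_nickname` and commits the configuration, yet only `CMS.debug` lines record it; a `log(ILogger...)` entry for the import would leave a durable trace of the change.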
@@ -150,12 +150,13 @@ public class ImportTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index a421302b..63b9aaf1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -39,8 +39,8 @@ import com.netscape.cmsutil.password.IPasswordStore;
* This object stores the values for IP, uid and group based on the cookie id in LDAP.
* Entries are stored under ou=Security Domain, ou=sessions, $basedn
*/
-public class LDAPSecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private long m_timeToLive;
@@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
@@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable
attrs.add(new LDAPAttribute("ou", "sessions"));
entry = new LDAPEntry(sessionsdn, attrs);
conn.add(entry);
- } catch (Exception e) {
+ } catch (Exception e) {
if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
// continue
} else {
CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
sessions_exists = false;
}
- }
+ }
// add new entry
try {
@@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable
CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
status = SUCCESS;
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ }
try {
conn.disconnect();
@@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) ret = true;
- } catch(Exception e) {
+ if (res.getCount() > 0)
+ ret = true;
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
@@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable
return ret;
}
-
public Enumeration<String> getSessionIds() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
@@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable
}
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
@@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
String ret = null;
- try {
+ try {
String basedn = cs.getString("internaldb.basedn");
String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
String filter = "(cn=" + sessionId + ")";
String[] attrs = { attr };
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) {
+ if (res.getCount() > 0) {
LDAPEntry entry = res.next();
ret = entry.getAttribute(attr).getStringValueArray()[0];
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
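Review bot: The search filter is built by concatenating `sessionId` into `"(cn=" + sessionId + ")"` without escaping, so a value containing filter metacharacters would change what the search matches. The class comment says entries are keyed by the cookie id; if that value can reach this method from a request without prior validation (not visible here), it should be escaped per RFC 4515 (`*`, `(`, `)`, `\` and NUL) or checked against the expected session-id format before it is placed in the filter. The other lookups in this class that pass a `filter` to `conn.search` (`@@ -155,8 +155,9 @@`, `@@ -272,7 +272,7 @@`) build it outside their hunks and deserve the same check. The enclosing method starts and ends outside the hunk.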
@@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable
public int getSize() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
- int ret =0;
+ int ret = 0;
try {
String basedn = cs.getString("internaldb.basedn");
@@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
ret = res.getCount();
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
@@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable
}
private LDAPConnection getLDAPConn()
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -303,8 +302,8 @@ public class LDAPSecurityDomainSessionTable
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
}
try {
@@ -329,11 +328,11 @@ public class LDAPSecurityDomainSessionTable
LDAPConnection conn = null;
if (security.equals("true")) {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
//CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
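Review bot: Any value of `security` other than the exact string "true" falls through to a plain `new LDAPConnection()`, and with both debug lines commented out the choice leaves no trace in the log. The password fetched from the password store earlier in `getLDAPConn` is presumably used to bind on this connection (the bind is outside the hunk), so a typo or different casing in the setting would send it over an unencrypted link unnoticed. Consider `security.equalsIgnoreCase("true")` and restoring the log line in the else branch, `CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");`.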
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..713cb170 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class LoginServlet extends BaseServlet {
/**
@@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet {
if (pin == null) {
context.put("error", "");
} else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
if (cspin != null && cspin.equals(pin)) {
// create session
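Review bot: The configured `preop.pin` is compared with the submitted value using `cspin.equals(pin)`, which returns at the first differing character; a constant-time comparison is the safer choice for a secret, e.g. `MessageDigest.isEqual(cspin.getBytes(StandardCharsets.UTF_8), pin.getBytes(StandardCharsets.UTF_8))`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. In the following hunk (`@@ -62,7 +60,7 @@`) the failure branch only puts "Login Failed" into the context; a `CMS.debug` or log entry there would make repeated failed attempts visible to an operator. The enclosing method starts and ends outside both hunks.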
@@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet {
return null;
} else {
context.put("error", "Login Failed");
- }
+ }
}
template = Velocity.getTemplate("admin/console/config/login.vm");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..760faed4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID="authorityId";
+ private static final String PROP_AUTHORITY_ID = "authorityId";
private String mAuthorityId = null;
private String mFormPath = null;
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
form = getTemplate(mFormPath, request, locale);
} catch (IOException e) {
CMS.debug("MainPageServlet process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
process(argSet, header, ctx, request, response);
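Review bot: When `getTemplate` throws, the catch only writes a debug line because the `log`/`throw` block is commented out, and execution continues to `form.renderOutput(out, argSet)` in the next hunk with whatever `form` held before. If `form` starts as null (its declaration is outside the hunk), that call raises a NullPointerException instead of the intended `ECMSGWException`. Restoring `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));` would fail cleanly; if the block is meant to stay disabled, deleting it is better than re-indenting it.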
@@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet {
ServletOutputStream out = response.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
IArgBlock rarg = null;
IConfigStore cs = CMS.getConfigStore();
int state = 0;
@@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "admin");
rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEENonSSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", adminInterface);
argSet.addRepeatRecord(rarg);
@@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "ee");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEESSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", eeInterface);
argSet.addRepeatRecord(rarg);
@@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "agent");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getAgentPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", agentInterface);
argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..f33b1023 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase {
private Vector mOtherModules = null;
private Hashtable mCurrModTable = new Hashtable();
private WizardServlet mServlet = null;
- public ModulePanel() {}
+
+ public ModulePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
setId(id);
@@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done",false);
+ cs.putBoolean("preop.ModulePanel.done", false);
}
public void loadCurrModTable() {
@@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase {
CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
CMS.debug("ModulePanel: token is present?" + token.isPresent());
if (!token.getName().equals("Internal Crypto Services Token") &&
- !token.getName().equals("NSS Generic Crypto Services")) {
+ !token.getName().equals("NSS Generic Crypto Services")) {
module.addToken(token);
} else {
CMS.debug(
"ModulePanel: token " + token.getName()
- + " not to be added");
+ + " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ModulePanel:" + ex.toString());
}
@@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ModulePanel: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ModulePanel: module found: " + cn);
module.setFound(true);
@@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase {
loadModTokens(module, m);
}
-
+
CMS.debug("ModulePanel: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -214,13 +215,13 @@ public class ModulePanel extends WizardPanelBase {
// it a token choice. Available tokens are discovered dynamically so
// can't be a real CHOICE
PropertySet set = new PropertySet();
-
+
Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* default parameter */
"module token selection");
set.add("choice", tokenDesc);
-
+
return set;
}
@@ -235,7 +236,8 @@ public class ModulePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -272,8 +274,8 @@ public class ModulePanel extends WizardPanelBase {
context.put("oms", mOtherModules);
context.put("sms", mSupportedModules);
// context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo()+1);
- CMS.debug("ModulePanel subpanelno =" +subpanelno);
+ String subpanelno = String.valueOf(getPanelNo() + 1);
+ CMS.debug("ModulePanel subpanelno =" + subpanelno);
context.put("subpanelno", subpanelno);
context.put("panel", "admin/console/config/modulepanel.vm");
}
@@ -292,7 +294,7 @@ public class ModulePanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
- boolean hasErr = false;
+ boolean hasErr = false;
try {
// get the value of the choice
@@ -306,13 +308,13 @@ public class ModulePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
config.commit(false);
context.put("updateStatus", "success");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..1c67654b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class ModuleServlet extends BaseServlet {
/**
@@ -38,10 +36,10 @@ public class ModuleServlet extends BaseServlet {
/**
* Collect information on where keys are to be generated.
* Once collected, write to CS.cfg:
- * "preop.module=soft"
- * or
- * "preop.module=hard"
- *
+ * "preop.module=soft"
+ * or
+ * "preop.module=hard"
+ *
* <ul>
* <li>http.param selection "soft" or "hard" for software token or hardware token
* </ul>
@@ -76,7 +74,7 @@ public class ModuleServlet extends BaseServlet {
CMS.debug("ModuleServlet: illegal selection: " + selection);
context.put("error", "failed selection");
}
-
+
} else {
CMS.debug("ModuleServlet: no selection");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..1a1fccdf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public NamePanel() {}
+ public NamePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
setId(id);
@@ -80,25 +80,25 @@ public class NamePanel extends WizardPanelBase {
PropertySet set = new PropertySet();
Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"CA Signing Certificate's DN");
set.add("caDN", caDN);
Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"SSL Server Certificate's DN");
set.add("sslDN", sslDN);
Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"CA Subsystem Certificate's DN");
set.add("subsystemDN", subsystemDN);
Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"OCSP Signing Certificate's DN");
set.add("ocspDN", ocspDN);
@@ -124,7 +124,7 @@ public class NamePanel extends WizardPanelBase {
StringTokenizer st = new StringTokenizer(list, ",");
while (st.hasMoreTokens()) {
String t = st.nextToken();
- cs.remove("preop.cert."+t+".done");
+ cs.remove("preop.cert." + t + ".done");
}
try {
@@ -142,7 +142,8 @@ public class NamePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -185,10 +186,10 @@ public class NamePanel extends WizardPanelBase {
cstype = config.getString("cs.type", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
- CMS.debug("NamePanel ca is root");
+ CMS.debug("NamePanel ca is root");
context.put("isRoot", "true");
} else {
- CMS.debug("NamePanel not ca or not root");
+ CMS.debug("NamePanel not ca or not root");
context.put("isRoot", "false");
}
} catch (Exception e) {
@@ -227,27 +228,27 @@ public class NamePanel extends WizardPanelBase {
String type = config.getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
- String cert = config.getString(subsystem +"."+certTag +".cert", "");
- String certreq =
- config.getString(subsystem + "." +certTag +".certreq", "");
+ String cert = config.getString(subsystem + "." + certTag + ".cert", "");
+ String certreq =
+ config.getString(subsystem + "." + certTag + ".certreq", "");
String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
- boolean override = config.getBoolean(PCERT_PREFIX + certTag +
- ".cncomponent.override", true);
- //o_sd is to add o=secritydomainname
+ boolean override = config.getBoolean(PCERT_PREFIX + certTag +
+ ".cncomponent.override", true);
+ //o_sd is to add o=secritydomainname
boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
- "o_securitydomain", true);
- domainname = config.getString("securitydomain.name", "");
- CMS.debug("NamePanel: display() override is "+override);
- CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
- CMS.debug("NamePanel: display() domainname is "+domainname);
+ "o_securitydomain", true);
+ domainname = config.getString("securitydomain.name", "");
+ CMS.debug("NamePanel: display() override is " + override);
+ CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+ CMS.debug("NamePanel: display() domainname is " + domainname);
boolean dnUpdated = false;
try {
- dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+ dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN");
} catch (Exception e) {
}
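Review bot: The key for `o_sd` is built as `PCERT_PREFIX + certTag + "o_securitydomain"`, without the leading dot that the neighbouring keys use (`".enable"`, `".cncomponent.override"`, `".updatedDN"`), so it likely never matches a configured entry and `o_sd` always takes the default `true`. If that is unintended, the literal should be `".o_securitydomain"`; check existing configuration files first, since the fix would start honouring a setting that is currently ignored and so could change the generated subject DN. The `catch (Exception e)` around the `updatedDN` lookup at the end of the hunk is also empty; a one-line comment such as `// key is absent until the DN has been updated once` would document the intent if that is the reason. The enclosing method continues outside the hunk.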
@@ -259,16 +260,16 @@ public class NamePanel extends WizardPanelBase {
if (select.equals("clone") || dnUpdated) {
c.setDN(dn);
} else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
- CMS.debug("NamePanel subsystemCount = "+count);
- c.setDN(dn + " "+count+
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ CMS.debug("NamePanel subsystemCount = " + count);
+ c.setDN(dn + " " + count +
+ ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+ ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
} else {
- c.setDN(dn +
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ c.setDN(dn +
+ ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+ ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
}
}
@@ -302,7 +303,8 @@ public class NamePanel extends WizardPanelBase {
try {
config.putString("preop.ca.list", list.toString());
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("urls", v);
@@ -338,20 +340,20 @@ public class NamePanel extends WizardPanelBase {
* update some parameters for clones
*/
public void updateCloneConfig(IConfigStore config)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
String token = config.getString(PRE_CONF_CA_TOKEN);
if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
+ CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+ config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
+ config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
config.commit(false);
} else { // software token
// parameters already set
@@ -361,12 +363,12 @@ public class NamePanel extends WizardPanelBase {
// audit signing cert
String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
+ if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
+ audit_tk + ":" + audit_nn);
} else {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ audit_nn);
}
}
@@ -374,7 +376,7 @@ public class NamePanel extends WizardPanelBase {
* get some of the "preop" parameters to persisting parameters
*/
public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String token = config.getString(PRE_CONF_CA_TOKEN);
String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
CMS.debug("NamePanel: subsystem " + subsystem);
@@ -393,30 +395,30 @@ public class NamePanel extends WizardPanelBase {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName", nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", nickname);
- }
- }
+ if (!token.equals("Internal Key Storage Token")) {
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.hardware", token);
+ config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
+ }
+ } else { // software token
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.nickName", nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", nickname);
+ }
+ }
}
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token+":"+nickname;
+ if (!token.equals("Internal Key Storage Token")) {
+ serverCertNickname = token + ":" + nickname;
}
- File file = new File(path+"/conf/serverCertNick.conf");
- PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+ File file = new File(path + "/conf/serverCertNick.conf");
+ PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
ps.println(serverCertNickname);
ps.close();
}
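Review bot: A failed write of `serverCertNick.conf` goes unnoticed in the `sslserver` branch, because `PrintStream` swallows I/O errors and `ps.checkError()` is never consulted before `ps.close()`. Since `updateConfig` already declares `IOException`, adding `if (ps.checkError()) throw new IOException("Failed to write " + path + "/conf/serverCertNick.conf");` after the `println` would surface it. The `File file` local on the line above is not used by anything visible in this hunk, and the stream is opened without an explicit charset, so the nickname is written in the platform default encoding. The method starts and ends outside this hunk.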
@@ -424,13 +426,13 @@ public class NamePanel extends WizardPanelBase {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ token + ":" + nickname);
+ } else {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ nickname);
+ }
}
/*
config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
@@ -438,9 +440,9 @@ public class NamePanel extends WizardPanelBase {
*/
// for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
+ token + ":" + nickname);
} else {
config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
}
@@ -459,7 +461,7 @@ public class NamePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is "+ caType);
+ CMS.debug("NamePanel: in configCert caType is " + caType);
X509CertImpl cert = null;
String certTag = certObj.getCertTag();
@@ -469,13 +471,13 @@ public class NamePanel extends WizardPanelBase {
String v = config.getString("preop.ca.type", "");
CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
+ String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+ certObj, context);
certObj.setRequest(pkcs10);
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+ String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
int sd_ee_port = -1;
@@ -483,15 +485,15 @@ public class NamePanel extends WizardPanelBase {
sd_hostname = config.getString("securitydomain.host", "");
sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
} catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+ CMS.debug("NamePanel: configCert() exception caught:" + ee.toString());
}
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+ content, response, this);
if (cert == null) {
throw new IOException("Error: remote certificate is null");
}
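Review bot: Only `pkcs10` goes through `URLEncoder.encode` when `content` is assembled; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated raw, so an `&`, `=` or `+` in any of them would change how the receiver splits the parameters. These values come from the config store and `CMS.getConfigSDSessionId()` and are presumably trusted, but encoding each one the same way, e.g. `"&profileId=" + URLEncoder.encode(profileId, "UTF-8")`, removes the assumption. The identical line in the next hunk (`-504,18 +506,18`, the `ca_hostname` request) needs the same treatment. Separately, the `catch (Exception ee)` above only logs, so the request is still attempted with `sd_hostname` empty and `sd_ee_port` at -1 when the security-domain settings cannot be read. The enclosing method starts and ends outside this hunk.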
@@ -504,18 +506,18 @@ public class NamePanel extends WizardPanelBase {
} catch (Exception ee) {
}
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+ content, response, this);
if (cert == null) {
throw new IOException("Error: remote certificate is null");
}
} else if (v.equals("otherca")) {
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
- } else {
+ } else {
CMS.debug("NamePanel: no preop.ca.type is provided");
- }
+ }
} else { // not remote CA, ie, self-signed or local
ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
@@ -524,76 +526,76 @@ public class NamePanel extends WizardPanelBase {
CMS.debug(
"The value for " + s
- + " should be remote, nothing else.");
+ + " should be remote, nothing else.");
throw new IOException(
"The value for " + s + " should be remote");
- }
-
+ }
+
String pubKeyType = config.getString(
PCERT_PREFIX + certTag + ".keytype");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String pubKeyModulus = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.exponent");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- if (certTag.equals("signing")) {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
+ if (certTag.equals("signing")) {
X509Key x509key = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
CryptoUtil.string2byte(pubKeyPublicExponent));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
+ String pubKeyEncoded = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.encoded");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ if (certTag.equals("signing")) {
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
+ // invalid key type
+ CMS.debug("Invalid key type " + pubKeyType);
}
if (cert != null) {
if (certTag.equals("subsystem"))
@@ -605,7 +607,7 @@ public class NamePanel extends WizardPanelBase {
byte[] certb = cert.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
- // certObj.setCert(certs);
+ // certObj.setCert(certs);
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".cert", certs);
@@ -617,58 +619,57 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel configCert() exception caught:" + e.toString());
}
}
-
+
public void configCertWithTag(HttpServletRequest request,
HttpServletResponse response,
- Context context, String tag) throws IOException
- {
- CMS.debug("NamePanel: configCertWithTag start");
- Enumeration c = mCerts.elements();
- IConfigStore config = CMS.getConfigStore();
-
- while (c.hasMoreElements()) {
- Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct +
- " tag=" +tag);
- if (ct.equals(tag)) {
- try {
- String nickname = HttpInput.getNickname(request, ct + "_nick");
- if (nickname != null) {
- CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
- config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
- cert.setNickname(nickname);
- config.commit(false);
- }
- String dn = HttpInput.getDN(request, ct);
- if (dn != null) {
- config.putString(PCERT_PREFIX + ct + ".dn", dn);
- config.commit(false);
- }
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
- }
+ Context context, String tag) throws IOException {
+ CMS.debug("NamePanel: configCertWithTag start");
+ Enumeration c = mCerts.elements();
+ IConfigStore config = CMS.getConfigStore();
- configCert(request, response, context, cert);
- CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
- return;
+ while (c.hasMoreElements()) {
+ Cert cert = (Cert) c.nextElement();
+ String ct = cert.getCertTag();
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct +
+ " tag=" + tag);
+ if (ct.equals(tag)) {
+ try {
+ String nickname = HttpInput.getNickname(request, ct + "_nick");
+ if (nickname != null) {
+ CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
+ config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
+ cert.setNickname(nickname);
+ config.commit(false);
+ }
+ String dn = HttpInput.getDN(request, ct);
+ if (dn != null) {
+ config.putString(PCERT_PREFIX + ct + ".dn", dn);
+ config.commit(false);
+ }
+ } catch (Exception e) {
+ CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
}
- }
- CMS.debug("NamePanel: configCertWithTag done");
+
+ configCert(request, response, context, cert);
+ CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+ return;
+ }
+ }
+ CMS.debug("NamePanel: configCertWithTag done");
}
private boolean inputChanged(HttpServletRequest request)
- throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
+ throws IOException {
+ IConfigStore config = CMS.getConfigStore();
+
boolean hasChanged = false;
try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ String ct = cert.getCertTag();
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
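Review bot: In `configCertWithTag`, an exception from `HttpInput.getNickname` or `HttpInput.getDN` is only written to the debug log, and `configCert(request, response, context, cert)` still runs afterwards. A nickname or DN that was rejected (presumably by validation inside `HttpInput`) therefore does not stop certificate configuration, which proceeds with whatever is already in the config store. The method declares `IOException`, so the catch could end with `throw new IOException("Invalid nickname or DN for " + ct);` to fail closed. The debug line `"Setting nickname for " + ct + " to " + nickname` also echoes the request value as received; if `getNickname` does not already restrict the character set, strip line breaks before logging.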
@@ -679,10 +680,10 @@ public class NamePanel extends WizardPanelBase {
if (!olddn.equals(dn))
hasChanged = true;
- String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
- String nick = HttpInput.getNickname(request, ct + "_nick");
- if (!oldnick.equals(nick))
- hasChanged = true;
+ String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
+ String nick = HttpInput.getNickname(request, ct + "_nick");
+ if (!oldnick.equals(nick))
+ hasChanged = true;
}
} catch (Exception e) {
@@ -690,34 +691,34 @@ public class NamePanel extends WizardPanelBase {
return hasChanged;
}
-
- public String getURL(HttpServletRequest request, IConfigStore config)
- {
+
+ public String getURL(HttpServletRequest request, IConfigStore config) {
String index = request.getParameter("urls");
- if (index == null){
- return null;
+ if (index == null) {
+ return null;
}
String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
- return url;
+ return url;
}
/**
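Review bot: `getURL` returns the `urls` request parameter unchanged whenever it starts with `http`, without comparing it to the entries in `preop.ca.list`. The later hunks in `update()` pass that value to `new URL(url)` and on to `sdca(...)` / `updateCloneSDCAInfo(...)`, so the submitted string decides which host the installer contacts as its CA. Accepting it only when it matches a configured entry, or at least requiring `startsWith("https://")`, would be safer; as written a plain `http://` value passes this check and then makes `url.substring(url.indexOf("https"))` throw in `update()`. In the index branch, `url` is assigned on every iteration, so an index past the end of the list silently yields the last entry; read into a temporary and assign only on a match, `String t = tokenizer.nextToken(); if (counter == x) { url = t; break; }`. The empty `catch (Exception e)` also hides a non-numeric index, which deserves at least a `CMS.debug` line.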
@@ -727,7 +728,7 @@ public class NamePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
+ boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -736,7 +737,7 @@ public class NamePanel extends WizardPanelBase {
return;
}
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
@@ -750,13 +751,13 @@ public class NamePanel extends WizardPanelBase {
configCertWithTag(request, response, context, "sslserver");
String url = getURL(request, config);
if (url != null && !url.equals("External CA")) {
- // preop.ca.url and admin port are required for setting KRA connector
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
+ // preop.ca.url and admin port are required for setting KRA connector
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ URL urlx = new URL(url);
+ updateCloneSDCAInfo(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
}
updateCloneConfig(config);
@@ -771,49 +772,50 @@ public class NamePanel extends WizardPanelBase {
}
//if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String select = null;
- String url = getURL(request, config);
-
- URL urlx = null;
-
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- select = "otherca";
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX+"signing.type", "remote");
- }
+ if (hselect.equals("") || hselect.equals("join")) {
+ String select = null;
+ String url = getURL(request, config);
+
+ URL urlx = null;
+
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ select = "otherca";
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ select = "sdca";
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
+
+ urlx = new URL(url);
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("NamePanel: update: this is a CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
+ }
}
- }
- try {
- config.commit(false);
- } catch (Exception e) {}
+ try {
+ config.commit(false);
+ } catch (Exception e) {
+ }
- }
+ }
try {
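Review bot: `url.equals("External CA")` throws a `NullPointerException` when the request has no `urls` parameter, because `getURL` returns `null` in that case and this branch has no null check. The clone path in the previous hunk does guard with `url != null && !url.equals("External CA")`. Since `update()` declares `IOException`, a guard such as `if (url == null) throw new IOException("NamePanel: no CA URL selected");` before the comparison would turn this into a handled error. The `else` branch also assumes the value contains `https`; `url.indexOf("https")` returns -1 otherwise and `substring` throws. The `catch (Exception e) { }` around `config.commit(false)` drops a failed commit without a log line.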
@@ -821,13 +823,13 @@ public class NamePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
+ String ct = cert.getCertTag();
String tokenname = cert.getTokenname();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
- boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+ boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false);
if (certDone)
continue;
@@ -850,32 +852,32 @@ public class NamePanel extends WizardPanelBase {
try {
configCert(request, response, context, cert);
- config.putBoolean("preop.cert."+cert.getCertTag()+".done",
- true);
+ config.putBoolean("preop.cert." + cert.getCertTag() + ".done",
+ true);
config.commit(false);
} catch (Exception e) {
CMS.debug(
"NamePanel: update() exception caught:"
+ e.toString());
- hasErr = true;
+ hasErr = true;
System.err.println("Exception caught: " + e.toString());
}
} // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
- config.commit(false);
- }
+ if (hasErr == false) {
+ config.putBoolean("preop.NamePanel.done", true);
+ config.commit(false);
+ }
} catch (Exception e) {
CMS.debug("NamePanel: Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
}// try
-
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!hasErr) {
context.put("updateStatus", "success");
@@ -897,15 +899,15 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
+ https_admin_port = getSecurityDomainAdminPort(config,
hostname,
httpsPortStr,
- "CA" );
+ "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
"NamePanel update: Https port is not valid. Exception: "
@@ -934,15 +936,15 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
+ https_admin_port = getSecurityDomainAdminPort(config,
hostname,
httpsPortStr,
- "CA" );
+ "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
"NamePanel update: Https port is not valid. Exception: "
@@ -954,21 +956,19 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsport", httpsPortStr);
config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ updateCertChainUsingSecureEEPort(config, "ca", hostname,
httpsport, true, context,
- certApprovalCallback );
+ certApprovalCallback);
try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
+ CMS.debug("Importing CA chain");
+ importCertChain("ca");
} catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
+ CMS.debug("Failed in importing CA chain");
}
}
-
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
context.put("certs", mCerts);
}
@@ -977,10 +977,9 @@ public class NamePanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context)
- {
+ Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..8ca70bd4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -53,7 +52,7 @@ import com.netscape.cmsutil.xml.XMLObject;
* This servlet creates a TPS user in the CA,
* and it associates TPS's server certificate to
* the user. Finally, it addes the user to the
- * administrator group. This procedure will
+ * administrator group. This procedure will
* allows TPS to connect to the CA for certificate
* issuance.
*/
@@ -68,8 +67,7 @@ public class RegisterUser extends CMSServlet {
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public RegisterUser() {
super();
@@ -77,6 +75,7 @@ public class RegisterUser extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +87,7 @@ public class RegisterUser extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +101,9 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser authentication successful.");
} catch (Exception e) {
CMS.debug("RegisterUser: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -117,19 +116,19 @@ public class RegisterUser extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("RegisterUser authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -150,93 +149,93 @@ public class RegisterUser extends CMSServlet {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+fullname;;"+ name +
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;" + uid +
+ "+fullname;;" + name +
"+state;;1" +
"+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
- IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
boolean foundByCert = false;
X509Certificate certs[] = new X509Certificate[1];
try {
- byte bCert[] = null;
- X509CertImpl cert = null;
- bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
- cert = new X509CertImpl(bCert);
- certs[0] = (X509Certificate)cert;
-
- // test to see if the cert already belongs to a user
- ICertUserLocator cul = ugsys.getCertUserLocator();
- com.netscape.certsrv.usrgrp.Certificates c =
- new com.netscape.certsrv.usrgrp.Certificates(certs);
- user = (IUser) cul.locateUser(c);
+ byte bCert[] = null;
+ X509CertImpl cert = null;
+ bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ cert = new X509CertImpl(bCert);
+ certs[0] = (X509Certificate) cert;
+
+ // test to see if the cert already belongs to a user
+ ICertUserLocator cul = ugsys.getCertUserLocator();
+ com.netscape.certsrv.usrgrp.Certificates c =
+ new com.netscape.certsrv.usrgrp.Certificates(certs);
+ user = (IUser) cul.locateUser(c);
} catch (Exception ec) {
- CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+ CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
if (user == null) {
- CMS.debug("RegisterUser NOT found user by cert");
- try {
- user = ugsys.getUser(uid);
- CMS.debug("RegisterUser found user by uid "+uid);
- } catch (Exception eee) {
- }
+ CMS.debug("RegisterUser NOT found user by cert");
+ try {
+ user = ugsys.getUser(uid);
+ CMS.debug("RegisterUser found user by uid " + uid);
+ } catch (Exception eee) {
+ }
} else {
- foundByCert = true;
- CMS.debug("RegisterUser found user by cert");
+ foundByCert = true;
+ CMS.debug("RegisterUser found user by cert");
}
-
- try {
-
- if (user == null) {
- // create user only if such user does not exist
- user = ugsys.createUser(uid);
- user.setFullName(name);
- user.setState("1");
- user.setUserType("");
- user.setEmail("");
- user.setPhone("");
- user.setPassword("");
-
- ugsys.addUser(user);
- CMS.debug("RegisterUser created user " + uid);
- auditMessage = CMS.getLogMessage(
+
+ try {
+
+ if (user == null) {
+ // create user only if such user does not exist
+ user = ugsys.createUser(uid);
+ user.setFullName(name);
+ user.setState("1");
+ user.setUserType("");
+ user.setEmail("");
+ user.setPhone("");
+ user.setPassword("");
+
+ ugsys.addUser(user);
+ CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
auditParams);
- audit(auditMessage);
- }
-
- // extract all line separators
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < certsString.length(); i++) {
- if (!Character.isWhitespace(certsString.charAt(i))) {
- sb.append(certsString.charAt(i));
- }
- }
- certsString = sb.toString();
-
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+cert;;"+certsString;
-
- user.setX509Certificates(certs);
- if (!foundByCert) {
- ugsys.addUserCert(user);
- CMS.debug("RegisterUser added user certificate");
- auditMessage = CMS.getLogMessage(
+ audit(auditMessage);
+ }
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;" + uid +
+ "+cert;;" + certsString;
+
+ user.setX509Certificates(certs);
+ if (!foundByCert) {
+ ugsys.addUserCert(user);
+ CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
auditParams);
- audit(auditMessage);
- } else
- CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+ audit(auditMessage);
+ } else
+ CMS.debug("RegisterUser no need to add user certificate");
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
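Review bot: If the submitted certificate cannot be decoded, the first `catch (Exception ec)` only writes a debug line and processing continues with `certs[0]` still null. When no user is found by `uid`, the code then creates one with an empty password via `ugsys.addUser(user)` and calls `user.setX509Certificates(certs)` with the null entry. An account can therefore be added before the missing certificate is noticed, and the class comment says this user is later put in the administrator group. Rejecting the request in that catch would fail closed, e.g. `outputError(httpResp, "Error: invalid certificate"); return;`, ideally with a FAILURE audit record as the later catch writes. `process()` starts and ends outside this hunk.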
@@ -249,20 +248,19 @@ public class RegisterUser extends CMSServlet {
return;
}
-
// add user to the group
auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
- "+Resource;;"+ mGroupName;
+ "+Resource;;" + mGroupName;
try {
Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
+ IGroup group = (IGroup) groups.nextElement();
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -280,15 +278,15 @@ public class RegisterUser extends CMSServlet {
audit(auditMessage);
}
- } catch (Exception e) {
- auditMessage = CMS.getLogMessage(
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
auditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
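Review bot: The `catch (Exception e)` around the group update writes a FAILURE audit record but never logs `e`, and control then reaches the "send success status back to the requestor" block. A requestor therefore appears to get a success reply even when the user was not added to `mGroupName`. The earlier catch in this method logs `CMS.debug("RegisterUser error " + eee.toString());` and appears to return. The same pattern fits here: `CMS.debug("RegisterUser error " + e.toString());` followed by an error status. Both the try body and the success block extend outside this hunk, so the fall-through should be confirmed against the full method.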
@@ -305,12 +303,13 @@ public class RegisterUser extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..cc62fede 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
@@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class RestoreKeyCertPanel extends WizardPanelBase {
- public RestoreKeyCertPanel() {}
+ public RestoreKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
setId(id);
@@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public boolean shouldSkip() {
CMS.debug("RestoreKeyCertPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("clone")) {
return false;
}
} catch (EBaseException e) {
}
-
+
return true;
}
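Review bot: The empty `catch (EBaseException e) { }` in `shouldSkip()` means a failed read of `preop.subsystem.select` falls through to `return true`, so the key-restore panel is skipped with no trace of why. At minimum add `CMS.debug("RestoreKeyCertPanel shouldSkip: Exception=" + e.toString());`, matching the logging used in the other catch blocks of this class. The same silent catch recurs in the `-138,15` hunk and in `update()` around `config.commit(false)`. It also recurs in the reformatted catches of `SavePKCS12Panel` and `SecurityDomainPanel`, where this commit only moves the closing brace to its own line.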
@@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.pk12.path", "");
String type = config.getString("preop.subsystem.select", "");
@@ -201,7 +202,6 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// throw new IOException("Path is empty");
// }
-
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
if (s == null || s.equals("")) {
@@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String path = HttpInput.getString(request, "path");
if (path == null || path.equals("")) {
- // skip to next panel
+ // skip to next panel
config.putBoolean("preop.restorekeycert.done", true);
try {
- config.commit(false);
+ config.commit(false);
} catch (EBaseException e) {
}
getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return;
}
String pwd = HttpInput.getPassword(request, "__password");
-
+
String tokenn = "";
String instanceRoot = "";
@@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (tokenn.equals("Internal Key Storage Token")) {
byte b[] = new byte[1000000];
FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
- while (fis.available() > 0)
+ while (fis.available() > 0)
fis.read(b);
fis.close();
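Review bot: The read loop `while (fis.available() > 0) fis.read(b);` ignores the return value and always writes at offset 0. A file delivered in more than one read overwrites the earlier bytes, and a file over 1000000 bytes is silently truncated before PKCS #12 decoding. The stream is also left open if `read` throws. The loop should accumulate at a running offset, reject oversized input and close in `finally`, as sketched below. In addition, `path` is read from the request earlier in `update()` and concatenated into `instanceRoot + "/alias/" + path`. Whether `HttpInput.getString` rejects separators or `..` is not visible here, so the resolved file should be checked to lie under the alias directory before opening. How `b` is consumed afterwards is outside this hunk.

```java
FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
try {
    int off = 0;
    int n;
    // accumulate instead of overwriting b[0..] on every read
    while (off < b.length && (n = fis.read(b, off, b.length - off)) > 0) {
        off += n;
    }
    if (fis.read() != -1) {
        throw new IOException("PKCS #12 file exceeds " + b.length + " bytes");
    }
} finally {
    fis.close();
}
```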
@@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
PFX pfx = null;
boolean verifypfx = false;
try {
- pfx = (PFX)(new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
+ pfx = (PFX) (new PFX.Template()).decode(bis);
+ verifypfx = pfx.verifyAuthSafes(password, reason);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
}
if (verifypfx) {
@@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
AuthenticatedSafes safes = pfx.getAuthSafes();
Vector pkeyinfo_collection = new Vector();
Vector cert_collection = new Vector();
- for (int i=0; i<safes.getSize(); i++) {
+ for (int i = 0; i < safes.getSize(); i++) {
try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j=0; j<scontent.size(); j++) {
- SafeBag bag = (SafeBag)scontent.elementAt(j);
+ SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+ for (int j = 0; j < scontent.size(); j++) {
+ SafeBag bag = (SafeBag) scontent.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo =
- (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+ EncryptedPrivateKeyInfo privkeyinfo =
+ (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
PasswordConverter passConverter = new PasswordConverter();
PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
Vector pkeyinfo_v = new Vector();
pkeyinfo_v.addElement(pkeyinfo);
SET bagAttrs = bag.getBagAttributes();
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs.elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
+ ANY ss = (ANY) val.elementAt(0);
ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
String s = sss.toString();
pkeyinfo_v.addElement(s);
}
}
pkeyinfo_collection.addElement(pkeyinfo_v);
} else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag)bag.getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+ CertBag cbag = (CertBag) bag.getInterpretedBagContent();
+ OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
byte[] x509cert = str.toByteArray();
Vector cert_v = new Vector();
cert_v.addElement(x509cert);
SET bagAttrs = bag.getBagAttributes();
-
+
if (bagAttrs != null) {
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs.elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
+ ANY ss = (ANY) val.elementAt(0);
ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
String s = sss.toString();
cert_v.addElement(s);
}
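Review bot: In the `PKCS8_SHROUDED_KEY_BAG` branch, `bagAttrs.size()` is called without the `if (bagAttrs != null)` guard that the `CERT_BAG` branch applies. A key bag without attributes would throw, and the remaining bags of that safe would likely be skipped if, as appears, the enclosing catch in the next hunk handles it. Wrapping the key-bag loop in `if (bagAttrs != null) {` fixes the null case. A key bag with no `FRIENDLY_NAME` still leaves `pkeyinfo_v` with one element, so `(String) pkeyinfo_v.elementAt(1)` in `importkeycert` fails later; that case should be rejected explicitly. The local `passConverter` is unused, because `decrypt` is given a second `new PasswordConverter()`.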
@@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
}
}
-
+
importkeycert(pkeyinfo_collection, cert_collection);
} else {
context.put("updateStatus", "failure");
@@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
@@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
try {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID="+session_id;
+ content = "type=request&xmlOutput=true&sessionID=" + session_id;
CMS.debug("http content=" + content);
updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
- content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
+ content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
- content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
+ content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
}
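Review bot: `CMS.debug("http content=" + content);` writes the `sessionID` value into the debug log, since `content` was just built as `"type=request&xmlOutput=true&sessionID=" + session_id`. Anyone who can read the debug log during installation could then see the session identifier presented to the master. Log the operation without the identifier, for example `CMS.debug("RestoreKeyCertPanel: requesting number range update, type=request");`. The surrounding method body starts and ends outside this hunk.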
@@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
+ StringBuffer s1 = new StringBuffer();
StringTokenizer tok = new StringTokenizer(list, ",");
while (tok.hasMoreTokens()) {
String t1 = tok.nextToken();
@@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append(cstype);
@@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!cstype.equals("ca")) {
c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
if (cstype.equals("ca")) {
/* get ca connector details */
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append("ca.connector.KRA");
}
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id;
boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+ "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response);
if (!success) {
context.put("errorString", "Failed to get configuration entries from the master");
throw new IOException("Failed to get configuration entries from the master");
@@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} catch (IOException eee) {
throw eee;
} catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString());
}
} catch (IOException ee) {
@@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String s = st.nextToken();
if (s.equals("sslserver"))
continue;
- String name = "preop.master."+s+".nickname";
+ String name = "preop.master." + s + ".nickname";
String nickname = cs.getString(name, "");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate xcert = null;
try {
xcert = cm.findCertByNickname(nickname);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
}
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
try {
store.deleteCert(xcert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString());
+ }
}
private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
@@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// delete all existing certificates first
deleteExistingCerts();
- for (int i=0; i<pkeyinfo_collection.size(); i++) {
+ for (int i = 0; i < pkeyinfo_collection.size(); i++) {
try {
- Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
- String nickname = (String)pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
+ String nickname = (String) pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
X509Certificate cert = cm.importCACertPackage(x509cert);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pkeyinfo.encode(bos);
@@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
try {
store.deleteCert(cert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
}
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
c.initEncrypt(sk, param);
byte[] encpkey = c.doFinal(pkey);
-
+
KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, param);
org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
}
}
- for (int i=0; i<cert_collection.size(); i++) {
+ for (int i = 0; i < cert_collection.size(); i++) {
try {
- Vector cert_v = (Vector)cert_collection.elementAt(i);
- byte[] cert = (byte[])cert_v.elementAt(0);
+ Vector cert_v = (Vector) cert_collection.elementAt(i);
+ byte[] cert = (byte[]) cert_v.elementAt(0);
if (cert_v.size() > 1) {
- String name = (String)cert_v.elementAt(1);
+ String name = (String) cert_v.elementAt(1);
// we need to delete the trusted CA certificate if it is
// the same as the ca signing certificate
if (isCASigningCert(name)) {
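Review bot: `byte iv[] = { 0x1, 0x1, ... }` is a constant IV for `DES3_CBC_PAD`. It is tolerable here only because `sk` is generated on the line above and used for this single encrypt/unwrap round trip, and nothing in the code says so. Either document that with `// sk is single-use, so the fixed IV never repeats under one key`, or fill the IV with `new java.security.SecureRandom().nextBytes(iv);` before building `param`. The unwrapped key `pp` is never checked, and a failure only reaches `CMS.debug` in the catch, so a key that failed to import is not reported to the caller. `pkey` holds the decrypted private key bytes and could be cleared with `java.util.Arrays.fill(pkey, (byte) 0);` once `doFinal` has run.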
@@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
if (store instanceof PK11Store) {
try {
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(certchain);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
}
}
}
@@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
X509Certificate xcert = cm.importUserCACertPackage(cert, name);
if (name.startsWith("caSigningCert")) {
// we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
} else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate)xcert;
+ InternalCertificate icert = (InternalCertificate) xcert;
icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
}
} else
cm.importCACertPackage(cert);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
}
}
}
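Review bot: The trust flags depend only on `name.startsWith("caSigningCert")` and `name.startsWith("auditSigningCert")`, and `name` is the friendly-name attribute read from the uploaded PKCS #12 in `update()`. CA and object-signing trust therefore follows a label inside the file rather than a comparison with the certificate the master is expected to supply. If the PKCS #12 is treated as fully trusted once `verifyAuthSafes` succeeds, say so in a comment above the `if`. Otherwise compare the certificate with the expected signing certificate before calling `setSSLTrust`. Both catch blocks in this loop only call `CMS.debug`, so a failed trust assignment goes unreported to the caller.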
@@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return false;
}
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
try {
X509CertImpl impl = new X509CertImpl(cert);
String issuer_impl = impl.getIssuerDN().toString();
BigInteger serial_impl = impl.getSerialNumber();
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] permcerts = cm.getPermCerts();
- for (int i=0; i<permcerts.length; i++) {
+ for (int i = 0; i < permcerts.length; i++) {
String issuer_p = permcerts[i].getSubjectDN().toString();
BigInteger serial_p = permcerts[i].getSerialNumber();
if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
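Review bot: `issuer_p` is assigned from `permcerts[i].getSubjectDN()` but compared with `issuer_impl`, which comes from `impl.getIssuerDN()`. The lookup therefore matches the input certificate's issuer against each stored certificate's subject. Combined with the serial-number comparison, that can only match a self-signed certificate, or by coincidence a different certificate. If the intent is to find the same certificate on the token, the line should read `String issuer_p = permcerts[i].getIssuerDN().toString();`. The body of the `if` lies in the next hunk.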
@@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString());
}
return null;
}
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i=0; i<cert_collection.size(); i++) {
- Vector v = (Vector)cert_collection.elementAt(i);
- byte[] b = (byte[])v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i = 0; i < cert_collection.size(); i++) {
+ Vector v = (Vector) cert_collection.elementAt(i);
+ byte[] b = (byte[]) v.elementAt(0);
X509CertImpl impl = null;
try {
impl = new X509CertImpl(b);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
- throw new IOException( e.toString() );
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString());
+ throw new IOException(e.toString());
}
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
if (LDAPDN.equals(subjectdn.toString(), nickname))
return b;
}
@@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Import Keys and Certificates");
context.put("password", "");
context.put("path", "");
@@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..0c066268 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {}
+ public SavePKCS12Panel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
setId(id);
@@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
try {
boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
return true;
} catch (Exception e) {
}
-
+
return false;
}
@@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
@@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..42165b08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.net.URL;
import java.net.URLDecoder;
@@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet {
int index = url.indexOf("subsystem=");
String subsystem = "";
if (index > 0) {
- subsystem = url.substring(index+10);
+ subsystem = url.substring(index + 10);
int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
subsystem = subsystem.substring(0, index1);
}
context.put("sd_uid", "");
@@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet {
context.put("host", u.getHost());
context.put("sdhost", CMS.getEESSLHost());
if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
}
context.put("subsystem", subsystem);
// The "securitydomain.name" property ONLY resides in the "CS.cfg"
// associated with the CS subsystem hosting the security domain.
IConfigStore cs = CMS.getConfigStore();
String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
+ context.put("name", sdname);
template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
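Review bot: `subsystem` is cut out of `url` by `substring` in the previous hunk and stored with `context.put("subsystem", subsystem)` without validation. The origin of `url` is outside these hunks. If it is request-derived and the template does not escape the value, arbitrary text reaches the login page. Checking the value against the known subsystem types before the `put`, and falling back to `""` otherwise, closes that. The catch also writes to `System.err` instead of the `CMS.debug` call used in the other servlets; `CMS.debug("SecurityDomainLogin: Exception=" + e.toString());` would keep the failure in the debug log.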
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..7e45f019 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {}
+ public SecurityDomainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
setId(id);
@@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
@@ -163,12 +165,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
if (count == numTokens) // skip the last element (e.g. com)
continue;
- sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append((defaultDomain.length() == 0) ? "" : " ");
sb.append(capitalize(n));
}
- defaultDomain = sb.toString() + " "+ "Domain";
+ defaultDomain = sb.toString() + " " + "Domain";
name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
// not being able to come up with default domain name is ok
@@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
} catch (Exception e) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
}
-
- if( r != null ) {
+
+ if (r != null) {
// "default" security domain exists on local machine;
// fill "sdomainURL" in with "default" security domain
// as an initial "guess"
- CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
- context.put( "sdomainURL", default_admin_url );
+ CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingCS no successful response");
+ context.put("sdomainURL", "");
}
}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/usr/bin/pkicontrol" );
- context.put( "instanceId", "ca " + systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/usr/bin/pkicontrol");
+ context.put("instanceId", "ca " + systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
}
@@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (s.length() == 0) {
return s;
} else {
- return s.substring(0,1).toUpperCase() + s.substring(1);
+ return s.substring(0, 1).toUpperCase() + s.substring(1);
}
}
@@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
public void validate(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
-
+
String select = HttpInput.getID(request, "choice");
if (select.equals("newdomain")) {
String name = HttpInput.getSecurityDomainName(request, "sdomainName");
@@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase {
throw new IOException("Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- CMS.debug( "SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . ." );
- String admin_url = HttpInput.getURL( request, "sdomainURL" );
- if( admin_url == null || admin_url.equals("") ) {
- initParams( request, context );
+ CMS.debug("SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . .");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ if (admin_url == null || admin_url.equals("")) {
+ initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException( "Missing SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Missing SSL Admin HTTPS url value "
+ + "for the security domain");
} else {
String r = null;
try {
- URL u = new URL( admin_url );
+ URL u = new URL(admin_url);
String hostname = u.getHost();
int admin_port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, admin_port, true,
- certApprovalCallback );
- } catch( Exception e ) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, admin_port, true,
+ certApprovalCallback);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
context.put("updateStatus", "validate-failure");
- throw new IOException( "Illegal SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Illegal SSL Admin HTTPS url value "
+ + "for the security domain");
}
if (r != null) {
CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
- + r );
- context.put( "sdomainURL", admin_url );
+ + r);
+ context.put("sdomainURL", admin_url);
} else {
- CMS.debug( "SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS");
+ context.put("sdomainURL", "");
}
}
}
}
- public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
context.put("cstype", config.getString("cs.type"));
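Review bot: In the `existingdomain` branch, `u.getPort()` returns -1 when the submitted URL has no explicit port, and that value goes straight into `pingCS`. Nothing in this hunk checks that the scheme is `https` either, although the field is described as the SSL Admin HTTPS URL. `HttpInput.getURL` may enforce part of this, but its body is not visible here. I would normalise before the ping with `if (!"https".equalsIgnoreCase(u.getProtocol())) throw new IOException("Illegal SSL Admin HTTPS url value for the security domain");` and `if (admin_port == -1) admin_port = u.getDefaultPort();`. The same `getHost()`/`getPort()` pair appears in hunk -383,31, where a -1 would be stored under `securitydomain.httpsadminport`; validate() begins above this hunk.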
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("check_newdomain", "checked");
context.put("check_existingdomain", "");
} else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
context.put("check_existingdomain", "checked");
}
@@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host",
+ CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport",
+ CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport",
+ CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
// make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "local");
config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
+
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String instanceRoot = "";
try {
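Review bot: The reformatted `catch (EBaseException e) { }` after `config.commit(false)` still discards a failed commit, so the security-domain settings written just above may never be persisted, and nothing is logged. SizePanel in this same commit logs that case, and the same line would do here: `CMS.debug("SecurityDomainPanel: update() Exception caught at config commit: " + e.toString());`. The same empty handler follows the second commit in hunk -383,31 and also appears in hunks -425,7, -446,32 and -483,19. The enclosing method starts and ends outside this hunk.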
@@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase {
String hostname = "";
int admin_port = -1;
- if( admin_url != null ) {
+ if (admin_url != null) {
try {
- URL admin_u = new URL( admin_url );
+ URL admin_u = new URL(admin_url);
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch( MalformedURLException e ) {
+ } catch (MalformedURLException e) {
errorString = "Malformed SSL Admin HTTPS URL";
context.put("updateStatus", "failure");
- throw new IOException( errorString );
+ throw new IOException(errorString);
}
- context.put( "sdomainURL", admin_url );
- config.putString( "securitydomain.host", hostname );
- config.putInteger( "securitydomain.httpsadminport",
- admin_port );
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport",
+ admin_port);
}
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain( config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback );
+ updateCertChain(config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback);
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("errorString", errorString);
context.put("updateStatus", "success");
@@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase {
try {
default_admin_url = config.getString("preop.securitydomain.admin_url", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
- } catch (Exception e) {}
-
- if( r != null ) {
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
+ } catch (Exception e) {
+ }
+
+ if (r != null) {
// "default" security domain exists on local machine;
// refill "sdomainURL" in with "default" security domain
// as an initial "guess"
- context.put( "sdomainURL", default_admin_url );
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- context.put( "sdomainURL", "" );
+ context.put("sdomainURL", "");
}
}
@@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL",
config.getString("preop.securitydomain.admin_url"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 75cc0fb6..d15ca5ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
/**
* This object stores the values for IP, uid and group based on the cookie id.
*/
-public class SecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private Hashtable<String, Vector<Comparable<?>>> m_sessions;
private long m_timeToLive;
@@ -38,8 +38,8 @@ public class SecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
Vector<Comparable<?>> v = new Vector<Comparable<?>>();
v.addElement(ip);
v.addElement(uid);
@@ -67,28 +67,28 @@ public class SecurityDomainSessionTable
public String getIP(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(0);
+ return (String) v.elementAt(0);
return null;
}
public String getUID(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(1);
+ return (String) v.elementAt(1);
return null;
}
public String getGroup(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(2);
+ return (String) v.elementAt(2);
return null;
}
public long getBeginTime(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
- if (v != null) {
- Long n = (Long)v.elementAt(3);
+ if (v != null) {
+ Long n = (Long) v.elementAt(3);
if (n != null)
return n.longValue();
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325..49cadb9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask {
public void run() {
Enumeration keys = m_sessiontable.getSessionIds();
while (keys.hasMoreElements()) {
- String sessionId = (String)keys.nextElement();
+ String sessionId = (String) keys.nextElement();
long beginTime = m_sessiontable.getBeginTime(sessionId);
Date nowDate = new Date();
long nowTime = nowDate.getTime();
long timeToLive = m_sessiontable.getTimeToLive();
- if ((nowTime-beginTime) > timeToLive) {
+ if ((nowTime - beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-
+
// audit message
String auditParams = "operation;;expire_token+token;;" + sessionId;
String auditMessage = CMS.getLogMessage(
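Review bot: The `auditParams` string embeds the full `sessionId`, which the session table's class comment describes as the cookie id. The entry has just been removed, so this table no longer accepts the value. If ids are recorded in the same form while sessions are live (not visible in this hunk), the audit log would hold usable session cookies. Consider recording a digest or truncated id, or add a comment next to `auditParams` such as `// id is already removed from the table; safe to record at expiry`. Separately, `Enumeration keys` is a raw type; `Enumeration<String>` would remove the cast if `getSessionIds()` is declared that way.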
@@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask {
ILogger.LL_SECURITY,
auditMessage);
-
}
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a..a008d259 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {}
+ public SizePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,19 +69,19 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
"default,custom", null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
+
Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameter */
"Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
@@ -105,7 +105,8 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -118,7 +119,7 @@ public class SizePanel extends WizardPanelBase {
Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -134,12 +135,12 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
} catch (Exception e) {
}
@@ -180,12 +181,13 @@ public class SizePanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".signing.required",
false);
c.setSigningRequired(signingRequired);
- if (signingRequired) mShowSigning = true;
+ if (signingRequired)
+ mShowSigning = true;
String userfriendlyname = config.getString(
PCERT_PREFIX + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -236,13 +238,13 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config.getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val+",o=clone");
+ String val = config.getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val + ",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
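Review bot: In the clone branch, the value read from `preop.cert.sslserver.dn` is written back to the same key with `,o=clone` appended, so every pass through this code adds another `,o=clone`. A missing value (default `""`) also yields a DN that starts with a comma. Wrapping the write in `if (!val.equals("") && !val.endsWith(",o=clone"))` would make the step idempotent. The surrounding `catch (Exception ee) { }` hides any failure, so a one-line `CMS.debug` there would help. The enclosing method starts and ends outside this hunk.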
@@ -251,7 +253,7 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
@@ -280,28 +282,28 @@ public class SizePanel extends WizardPanelBase {
}
CMS.debug(
"SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String oldkeysize =
+ config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String oldkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String oldkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String oldsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name", default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name", default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size", default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size", default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -311,31 +313,31 @@ public class SizePanel extends WizardPanelBase {
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct +
+ ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
- default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct +
+ ".keysize.custom_size",
+ default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString("preop.curvename.name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
config.putString("preop.curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
- config.putString("preop.keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString("preop.keysize.size",
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
config.putString("preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
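Review bot: The custom key size is read with `HttpInput.getKeySize(request, ct + "_custom_size", keytype)` here, but hunk -346,42 uses the two-argument `HttpInput.getKeySize(request, ct + "_custom_size")` for the per-certificate keys. The per-certificate value `PCERT_PREFIX + ct + ".keysize.size"` is the one later passed to `createRSAKeyPair`, so it may be checked differently from the legacy `preop.keysize.size` copy; neither overload is visible here, so this needs confirming. Reading the parameter once, e.g. `String customSize = HttpInput.getKeySize(request, ct + "_custom_size", keytype);`, and storing that local under all four keys removes the doubt. The custom curve name is taken with plain `HttpInput.getString`, and no check against the supported curves is visible before it is stored.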
@@ -346,42 +348,42 @@ public class SizePanel extends WizardPanelBase {
if (keytype != null && keytype.equals("ecc")) {
config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
config.putString(PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ HttpInput.getKeySize(request, ct + "_custom_size"));
config.putString(PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ HttpInput.getKeySize(request, ct + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype) ||
- !oldkeyalgorithm.equals(newkeyalgorithm) ||
- !oldsigningalgorithm.equals(newsigningalgorithm) ||
- !oldcurvename.equals(newcurvename))
+ String newkeysize =
+ config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String newkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String newkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String newsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String newcurvename =
+ config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize) ||
+ !oldkeytype.equals(newkeytype) ||
+ !oldkeyalgorithm.equals(newkeyalgorithm) ||
+ !oldsigningalgorithm.equals(newsigningalgorithm) ||
+ !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
}
@@ -393,7 +395,7 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
@@ -401,7 +403,7 @@ public class SizePanel extends WizardPanelBase {
CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
@@ -414,7 +416,7 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -425,15 +427,15 @@ public class SizePanel extends WizardPanelBase {
try {
String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-
+
if (keytype.equals("rsa")) {
int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
+ PCERT_PREFIX + ct + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -441,31 +443,30 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException("key generation failure for the certificate: " + friendlyName +
+ throw new IOException("key generation failure for the certificate: " + friendlyName +
". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
- CMS.debug("Generating ECC key pair with curvename="+ curveName +
- ", token="+token);
+ public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
+ CMS.debug("Generating ECC key pair with curvename=" + curveName +
+ ", token=" + token);
KeyPair pair = null;
/*
* default ssl server cert to ECDHE unless stated otherwise
@@ -488,48 +489,48 @@ public class SizePanel extends WizardPanelBase {
// ECDHE needs "SIGN" but no "DERIVE"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
};
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
};
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
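Review bot: The `do { … } while (pair == null)` loop has no bound. Each time `findPrivateKeyFromID` returns null a new key pair is generated on the token and the previous one is left behind, so a persistent lookup failure spins indefinitely while filling the token. `privkey.id` is also written to the config before the lookup has confirmed the key. I would cap the attempts and fail with an exception the method already declares, as sketched below; the limit of 3 is a constructed example. createRSAKeyPair has the same loop in hunk -537,25, and createECCKeyPair starts in the previous hunk and continues past this one.

```java
final int maxAttempts = 3; // constructed example value
int attempts = 0;
do {
    // … unchanged: generateECCKeyPair call, privkey.id store, findPrivateKeyFromID check …
} while (pair == null && ++attempts < maxAttempts);

if (pair == null) {
    throw new TokenException("ECC key pair for " + ct
            + " could not be located on the token after generation");
}
```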
@@ -537,25 +538,24 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
+ public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
@@ -563,9 +563,9 @@ public class SizePanel extends WizardPanelBase {
byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -573,41 +573,40 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm",
keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
+ config.putString("ca.crl.MasterCRL.signingAlgorithm",
keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
keyAlgo);
- }
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
keyAlgo);
- }
+ }
} else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
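Review bot: The empty `catch (Exception e1) { }` at the top of this hunk lets `setSigningAlgorithm(ct, keyAlgo, config)` run with whatever `keyAlgo` held before the try, which the preceding hunk shows initialised to `""`; the try body itself is outside the hunk. If that lookup fails, an empty string would be stored under `ca.signing.defaultSigningAlgorithm` and `ca.crl.MasterCRL.signingAlgorithm` with no trace in the log. At minimum record the failure, e.g. `CMS.debug("SizePanel: cannot determine key algorithm for " + ct + ": " + e1.toString());`, and consider skipping the `setSigningAlgorithm` call when `keyAlgo` is empty. The same silent catch guards `config.getString("preop.system.name")` inside `setSigningAlgorithm`, where a failure leaves `systemType` empty and no branch runs.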
@@ -646,7 +645,7 @@ public class SizePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07c..2372b309 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String sessionId = httpReq.getParameter("sessionID");
CMS.debug("TokenAuthentication: sessionId=" + sessionId);
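Review bot: The context line `CMS.debug("TokenAuthentication: sessionId=" + sessionId);` at the end of this hunk writes the caller-supplied session identifier to the debug log, and the next hunk shows that same value being looked up in the session table to decide authentication. Anyone who can read the debug log therefore sees live session identifiers. Log only that a value was received, for example `CMS.debug("TokenAuthentication: sessionId received");`, or a truncated digest if correlation is needed. `process()` continues beyond this hunk, so whether the value is logged again further down cannot be seen here.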
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
CMS.debug("TokenAuthentication: found session");
if (checkIP) {
String hostname = table.getIP(sessionId);
- if (! hostname.equals(givenHost)) {
- CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
- + givenHost + " are different");
+ if (!hostname.equals(givenHost)) {
+ CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
+ + givenHost + " are different");
CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
outputError(httpResp, "Error: Failed Authentication");
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c61..bba1f378 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateConnector extends CMSServlet {
/**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector authentication successful.");
} catch (Exception e) {
CMS.debug("UpdateConnector: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
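Review bot: The failure branch logs the authentication error under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream problem rather than a rejected login. The authorization branch of this method in the next hunk, and the authentication branch in `UpdateDomainXML`, both use `ADMIN_SRVLT_AUTH_FAILURE`. Anyone filtering the system log for authentication failures would presumably miss the events from this servlet. Suggest `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())` here as well. The try block starts above the hunk.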
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("UpdateConnector authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet {
Enumeration list = httpReq.getParameterNames();
while (list.hasMoreElements()) {
- String name = (String)list.nextElement();
+ String name = (String) list.nextElement();
String val = httpReq.getParameter(name);
if (name != null && name.startsWith("ca.connector")) {
CMS.debug("Adding connector update name=" + name + " val=" + val);
@@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("Skipping connector update name=" + name + " val=" + val);
}
}
-
- try {
+
+ try {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
cs.putString("ca.connector.KRA.nickName", nickname);
cs.commit(false);
} catch (Exception e) {
}
// start the connector
- try {
+ try {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
+ CMS.getSubsystem("ca");
+ ICAService caService = (ICAService) ca.getCAService();
IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
+ cs.getSubStore("ca.connector.KRA"));
caService.setKRAConnector(kraConnector);
kraConnector.start();
} catch (Exception e) {
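Review bot: The `catch (Exception e) { }` after `cs.commit(false)` discards any failure to read the subsystem nickname or to persist `ca.connector.KRA.nickName`, and the code then goes on to start the connector from that same sub-store. A failed commit would leave the running connector and the on-disk configuration out of step with no log entry to show for it. Add at least `CMS.debug("UpdateConnector: failed to save KRA connector nickname: " + e.toString());` in that catch. The body of the second try's catch lies outside this hunk.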
@@ -173,12 +172,13 @@ public class UpdateConnector extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27ef..0476e26d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateDomainXML extends CMSServlet {
/**
@@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to delete entry" + e.toString());
}
- } catch (Exception e) {
- CMS.debug("Failed to delete entry" + e.toString());
- } finally {
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
private String modify_ldap(String dn, LDAPModification mod) {
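Review bot: The outer `catch (Exception e)` only calls `CMS.debug(...)` and never sets `status = FAILED`, unlike the inner catch just above it, so a failure outside the inner try appears to return whatever `status` was initialised to. `add_to_ldap` further down starts with `String status = SUCCESS;`, and if this method does the same, `process()` would write a success audit record for a delete that never happened. Add `status = FAILED;` to the outer catch. `modify_ldap` and `add_to_ldap` in the next two hunks have the same gap. The start of this method is outside the hunk.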
@@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to modify entry" + e.toString());
}
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Failed to modify entry" + e.toString());
- } finally {
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
private String add_to_ldap(LDAPEntry entry, String dn) {
CMS.debug("UpdateDomainXML: add_to_ldap: starting");
String status = SUCCESS;
@@ -172,37 +168,35 @@ public class UpdateDomainXML extends CMSServlet {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
status = FAILED;
}
} else {
- CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
status = FAILED;
}
} catch (Exception e) {
CMS.debug("Failed to add entry" + e.toString());
} finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +213,7 @@ public class UpdateDomainXML extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -233,19 +227,19 @@ public class UpdateDomainXML extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- AUTH_FAILURE,
- "Error: Encountered problem during authorization.");
+ AUTH_FAILURE,
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet {
String missing = "";
if ((host == null) || host.equals("")) {
missing += " host ";
- }
+ }
if ((name == null) || name.equals("")) {
missing += " name ";
}
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet {
clone = "false";
}
- if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing +
+ if (!missing.equals("")) {
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing +
"not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing +
+ outputError(httpResp, "Error: required parameters: " + missing +
"not provided in request");
return;
}
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
- "+clone;;"+clone+"+type;;"+type;
+ String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport +
+ "+clone;;" + clone + "+type;;" + type;
if (operation != null) {
- auditParams += "+operation;;"+operation;
+ auditParams += "+operation;;" + operation;
} else {
auditParams += "+operation;;add";
}
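Review bot: `auditParams` is built by concatenating `host`, `name`, `sport`, `clone`, `type` and `operation` with the same `+` and `;;` separators that delimit fields in the signed audit record, and the "not provided in request" check above suggests these values come from the HTTP request. A value that itself contains those separator sequences would read as additional fields to anyone parsing the audit log. Reject or encode `+` and `;;` in each value before appending it, and apply the same treatment to `userAuditParams` in the remove branch further down. The enclosing `process()` method starts and ends outside this hunk.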
@@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet {
try {
basedn = cs.getString("internaldb.basedn");
secstore = cs.getString("securitydomain.store");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
}
@@ -326,7 +319,7 @@ public class UpdateDomainXML extends CMSServlet {
String listName = type + "List";
String cn = host + ":";
- if ((adminsport!= null) && (adminsport != "")) {
+ if ((adminsport != null) && (adminsport != "")) {
cn += adminsport;
} else {
cn += sport;
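Review bot: `adminsport != ""` compares object references rather than string contents, so an empty `adminsport` parameter will normally pass the test and yield a `cn` of `host:` with no port instead of falling back to `sport`. The rest of the file uses `equals("")` for this kind of check; use `if ((adminsport != null) && (!adminsport.equals(""))) {` here. The `cn` value is presumably used to build the entry DN below the hunk, so the wrong branch changes which directory entry is written or removed.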
@@ -361,64 +354,63 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
attrs.add(new LDAPAttribute("SubsystemName", name));
entry = new LDAPEntry(dn, attrs);
-
- if ((operation != null) && (operation.equals("remove"))) {
- status = remove_from_ldap(dn);
- String adminUserDN;
- if ((agentsport != null) && (!agentsport.equals(""))) {
- adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
- } else {
- adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
- }
- String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
- "+resource;;"+adminUserDN;
- if (status.equals(SUCCESS)) {
- // remove the user for this subsystem's admin
- status2 = remove_from_ldap(adminUserDN);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN;
+ if ((agentsport != null) && (!agentsport.equals(""))) {
+ adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
+ } else {
+ adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+ }
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+ "+resource;;" + adminUserDN;
+ if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
userAuditParams);
- audit(auditMessage);
+ audit(auditMessage);
- // remove this user from the subsystem group
- userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+ // remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
"+source;;UpdateDomainXML" +
- "+resource;;Subsystem Group+user;;"+adminUserDN;
- dn = "cn=Subsystem Group, ou=groups," + basedn;
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
+ "+resource;;Subsystem Group+user;;" + adminUserDN;
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute("uniqueMember", adminUserDN));
- status2 = modify_ldap(dn, mod);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
+ status2 = modify_ldap(dn, mod);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
userAuditParams);
- } else {
- auditMessage = CMS.getLogMessage(
+ } else {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
userAuditParams);
- }
- audit(auditMessage);
- } else { // error deleting user
- auditMessage = CMS.getLogMessage(
+ }
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
userAuditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
}
+ }
} else {
- status = add_to_ldap(entry, dn);
+ status = add_to_ldap(entry, dn);
}
- }
- else {
+ } else {
// update the domain.xml file
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
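Review bot: `adminUserDN` and the group DN are assembled by plain concatenation of `type`, `host`, `agentsport` or `sport`, and `basedn`, and the earlier "required parameters ... not provided in request" check suggests the first three come from the HTTP request. A value containing DN metacharacters such as `,`, `=` or `+` would make `remove_from_ldap(adminUserDN)` and the `uniqueMember` delete address a different entry than intended. Validate each component before use (host against a hostname pattern, ports as digits, `type` against the known subsystem types) or escape them as RDN values. Also stop early when `basedn` could not be read, since the catch in an earlier hunk only logs that case. The enclosing `process()` method starts and ends outside this hunk.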
@@ -430,7 +422,7 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: Inserting new domain info");
XMLObject parser = new XMLObject(new FileInputStream(path));
Node n = parser.getContainer(list);
- int count =0;
+ int count = 0;
if ((operation != null) && (operation.equals("remove"))) {
// delete node
@@ -444,11 +436,11 @@ public class UpdateDomainXML extends CMSServlet {
Vector v_host = parser.getValuesFromContainer(nn, "Host");
Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
- && (v_adminport.elementAt(0).equals(adminsport))) {
- Node parent = nn.getParentNode();
- Node remNode = parent.removeChild(nn);
- count --;
- break;
+ && (v_adminport.elementAt(0).equals(adminsport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count--;
+ break;
}
}
} else {
@@ -463,33 +455,33 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "UnSecurePort", httpport);
parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
- count ++;
+ count++;
}
//update count
String countS = "";
NodeList nlist = n.getChildNodes();
Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
countnode = nn;
NodeList nlist1 = nn.getChildNodes();
Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
+ countS = nn1.getNodeValue();
break;
}
}
- CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+ CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
try {
- count += Integer.parseInt(countS);
+ count += Integer.parseInt(countS);
} catch (Exception ee) {
}
Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ parser.addItemToContainer(n, "SubsystemCount", "" + count);
// recreate domain.xml
CMS.debug("UpdateDomainXML: Recreating domain.xml");
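Review bot: The empty `catch (Exception ee) { }` around `Integer.parseInt(countS)` means an unreadable `SubsystemCount` is silently treated as zero, after which the code writes `SubsystemCount` back as just the +1 or -1 delta. `n.removeChild(countnode)` is also reached with `countnode` still `null` when no `SubsystemCount` element was found, and the unconditional `(Element) nlist.item(i)` cast presumably fails on any non-element child such as whitespace text. Log the parse failure and skip the rewrite, e.g. `CMS.debug("UpdateDomainXML: bad SubsystemCount '" + countS + "': " + ee.toString());`, and guard the removal with `if (countnode != null)`.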
@@ -503,7 +495,7 @@ public class UpdateDomainXML extends CMSServlet {
}
}
-
+
if (status.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
@@ -520,11 +512,11 @@ public class UpdateDomainXML extends CMSServlet {
}
audit(auditMessage);
- if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
- status = SUCCESS;
- } else {
- status = FAILED;
- }
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
try {
// send success status back to the requestor
@@ -537,22 +529,24 @@ public class UpdateDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
}
}
protected String securityDomainXMLtoLDAP(String xmltag) {
- if (xmltag.equals("Host")) return "host";
- else return xmltag;
+ if (xmltag.equals("Host"))
+ return "host";
+ else
+ return xmltag;
}
-
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa..894afa5f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateNumberRange extends CMSServlet {
/**
@@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
- "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+ "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class UpdateNumberRange extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
BigInteger oneNum = new BigInteger("1");
String endNumConfig = null;
String cloneNumConfig = null;
- String nextEndConfig = null;
+ String nextEndConfig = null;
int radix = 10;
IRepository repo = null;
if (cstype.equals("KRA")) {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
- IKeyRecoveryAuthority.ID);
+ IKeyRecoveryAuthority.ID);
if (type.equals("request")) {
repo = kra.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -147,7 +147,7 @@ public class UpdateNumberRange extends CMSServlet {
}
} else { // CA
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority.ID);
if (type.equals("request")) {
repo = ca.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -161,22 +161,22 @@ public class UpdateNumberRange extends CMSServlet {
// This needs to be done beforehand to ensure that we always have enough
// replica numbers
if (type.equals("replicaId")) {
- CMS.debug("Checking replica number ranges");
- repo.checkRanges();
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
}
-
+
if (type.equals("request")) {
radix = 10;
endNumConfig = "dbs.endRequestNumber";
cloneNumConfig = "dbs.requestCloneTransferNumber";
nextEndConfig = "dbs.nextEndRequestNumber";
} else if (type.equals("serialNo")) {
- radix=16;
+ radix = 16;
endNumConfig = "dbs.endSerialNumber";
cloneNumConfig = "dbs.serialCloneTransferNumber";
nextEndConfig = "dbs.nextEndSerialNumber";
} else if (type.equals("replicaId")) {
- radix=10;
+ radix = 10;
endNumConfig = "dbs.endReplicaNumber";
cloneNumConfig = "dbs.replicaCloneTransferNumber";
nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +192,11 @@ public class UpdateNumberRange extends CMSServlet {
String nextEndNumStr = cs.getString(nextEndConfig, "");
BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
CMS.debug("Transferring from the end of on-deck range");
- String newValStr = endNum2.subtract(decrement).toString(radix);
- repo.setNextMaxSerial(newValStr);
- cs.putString(nextEndConfig, newValStr);
- beginNum = endNum2.subtract(decrement).add(oneNum);
- endNum = endNum2;
+ String newValStr = endNum2.subtract(decrement).toString(radix);
+ repo.setNextMaxSerial(newValStr);
+ cs.putString(nextEndConfig, newValStr);
+ beginNum = endNum2.subtract(decrement).add(oneNum);
+ endNum = endNum2;
} else {
CMS.debug("Transferring from the end of the current range");
String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,10 +204,9 @@ public class UpdateNumberRange extends CMSServlet {
cs.putString(endNumConfig, newValStr);
}
-
- if( beginNum == null ) {
- CMS.debug( "UpdateNumberRange::process() - " +
- "beginNum is null!" );
+ if (beginNum == null) {
+ CMS.debug("UpdateNumberRange::process() - " +
+ "beginNum is null!");
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
auditSubjectID,
@@ -219,7 +218,7 @@ public class UpdateNumberRange extends CMSServlet {
// Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.setEnableSerialMgmt(true);
+ repo.setEnableSerialMgmt(true);
}
// insert info
@@ -248,7 +247,7 @@ public class UpdateNumberRange extends CMSServlet {
audit(auditMessage);
} catch (Exception e) {
- CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+ CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString());
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
@@ -261,12 +260,13 @@ public class UpdateNumberRange extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7..2d3e33f9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateOCSPConfig extends CMSServlet {
/**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+ CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+ ocsphost);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+ ocspport);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
+ nickname);
cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
+ "/ocsp/agent/ocsp/addCRL");
cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
+ cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+ "OCSPPublisher");
cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
cs.commit(false);
// insert info
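Review bot: `ocsphost` and `ocspport` are taken straight from `httpReq.getParameter(...)` and written into the `ca.publish.publisher.instance.OCSPPublisher.host`/`.port` entries with no null or format check before `cs.commit(false)`. A missing or malformed parameter therefore becomes committed publisher configuration. A guard ahead of the `try` would stop that, e.g. `if (ocsphost == null || ocsphost.length() == 0 || ocspport == null) { outputError(httpResp, "Error: Failed to update OCSP configuration."); return; }`, plus an `Integer.parseInt(ocspport)` range check. The empty `catch (Exception e) { }` around the nickname lookup also hides a failed config read, leaving `nickname` at whatever it held before. The enclosing method starts and ends outside this hunk.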
@@ -147,17 +147,18 @@ public class UpdateOCSPConfig extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+ CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c9959..4224c4eb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class WelcomePanel extends WizardPanelBase {
- public WelcomePanel() {}
+ public WelcomePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Welcome");
setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
cs.putBoolean("preop.welcome.done", false);
}
- public boolean isPanelDone() {
+ public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
return cs.getBoolean("preop.welcome.done");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
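Review bot: The `catch (EBaseException e)` in `isPanelDone` is still empty after being reflowed, so a failed config-store read looks the same as "panel not done". The same empty catch is reformatted in the later hunks at -90,7 and -112,7, and in the last of these a failed `cs.commit(false)` is dropped without trace. One line in each would make these failures visible during installation, e.g. `CMS.debug("WelcomePanel: isPanelDone: " + e.toString());`.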
@@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase {
try {
context.put("cstype", cs.getString("cs.type"));
context.put("wizardname", cs.getString("preop.wizard.name"));
- context.put("panelname",
+ context.put("panelname",
cs.getString("preop.system.fullname") + " Configuration Wizard");
context.put("systemname",
cs.getString("preop.system.name"));
@@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase {
cs.getString("preop.product.name"));
context.put("productversion",
cs.getString("preop.product.version"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/welcomepanel.vm");
}
@@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase {
try {
cs.putBoolean("preop.welcome.done", true);
cs.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
/**
@@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {/* This should never be called */}
+ Context context) {/* This should never be called */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff..f5a96bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class WelcomeServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df..c7910bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
@@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException
- {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
mPanelNo = panelno;
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException
- {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
mPanelNo = panelno;
}
@@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel {
return set;
}
-
+
/**
* Should we skip this panel?
*/
@@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel {
*/
public void display(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
/**
* Checks if the given parameters are valid.
@@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException {}
+ Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
/**
* Retrieves locale based on the request.
@@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
instanceID = config.getString("instanceId", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
@@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
preferredNickname = config.getString(
PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (preferredNickname != null) {
nickname = preferredNickname;
@@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
+ String servlet, String uri) throws IOException {
CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String nickname = "";
@@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel {
try {
nickname = cs.getString("preop.cert.subsystem.nickname", "");
tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal")) {
+ nickname = tokenname + ":" + nickname;
}
CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
+ String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
CMS.debug("WizardPanelBase: done sending updateDomainXML request");
if (c != null) {
@@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
obj = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = obj.getValue("Status");
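Review bot: `throw new IOException(e.toString());` discards the original exception, so the stack trace of an XML parse failure on the remote response is lost and only its message survives. If the build targets Java 6 or later, `throw new IOException(e.toString(), e);` keeps the cause with no change to the declared exception type. The same line is reformatted in the corresponding hunks of `getDomainXML`, `getSubsystemCert`, `updateConnectorInfo`, both `getCertChainUsingSecure*Port` methods, `updateConfigEntries`, `authenticate`, `updateOCSPConfig`, `updateNumberRange` and `getPort`. `updateDomainXML` starts and ends outside this hunk.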
@@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = obj.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
throw e;
@@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount( String hostname, int https_admin_port,
- boolean https, String type )
+ public int getSubsystemCount(String hostname, int https_admin_port,
+ boolean https, String type)
throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
@@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject obj = new XMLObject(bis);
- String containerName = type+"List";
+ String containerName = type + "List";
Node n = obj.getContainer(containerName);
NodeList nlist = n.getChildNodes();
String countS = "";
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
NodeList nlist1 = nn.getChildNodes();
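Review bot: `(Element) nlist.item(i)` assumes every child of the `type + "List"` container is an element. A text or comment node, such as whitespace in a pretty-printed domain XML, would raise `ClassCastException`, and the `catch (Exception e)` later in the method would report it as a generic `IOException`. Skipping non-element children avoids this: `Node child = nlist.item(i); if (!(child instanceof Element)) continue; Element nn = (Element) child;`. `n` is also dereferenced without a null check, which matters if `getContainer` can return null for an unknown `type`; this hunk does not show whether it can. The loop body and the rest of `getSubsystemCount` continue outside this hunk.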
@@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel {
break;
}
}
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
int num = 0;
if (countS != null && !countS.equals("")) {
@@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel {
return num;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+ CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML( String hostname, int https_admin_port,
- boolean https )
+ public String getDomainXML(String hostname, int https_admin_port,
+ boolean https)
throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getDomainXML: domainInfo="
+ domainInfo);
- return domainInfo;
+ return domainInfo;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
throw e;
@@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
+ public String getSubsystemCert(String host, int port, boolean https)
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/getSubsystemCert", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis =
+ new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getSubsystemCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getSubsystemCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
if (status.equals(SUCCESS)) {
String s = parser.getValue("Cert");
return s;
} else
- return null;
+ return null;
} catch (Exception e) {
}
}
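Review bot: In `getSubsystemCert` the outer `catch (Exception e) { }` is empty, so the `IOException` thrown a few lines earlier when `new XMLObject(bis)` fails never reaches the caller, although the method declares `throws IOException`. The sibling methods in this file log and rethrow; the same here would be `} catch (IOException e) { CMS.debug("WizardPanelBase: getSubsystemCert: " + e.toString()); throw e; }` placed before the catch-all. Without it, a malformed response from the CA cannot be told apart from "no certificate returned". The end of the method is outside this hunk, so what it returns after the catch is presumably `null` but is not visible here.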
@@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
+ String content) throws IOException {
CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/updateConnector", content, null);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
if (!status.equals(SUCCESS)) {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
throw e;
@@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public String getCertChainUsingSecureAdminPort( String hostname,
+ public String getCertChainUsingSecureAdminPort(String hostname,
int https_admin_port,
boolean https,
ConfigCertApprovalCallback
- certApprovalCallback )
+ certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse( hostname, https_admin_port, https,
+ String c = getHttpResponse(hostname, https_admin_port, https,
"/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback );
+ certApprovalCallback);
if (c != null) {
try {
@@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ certchain);
- return certchain;
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
throw e;
@@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getCertChainUsingSecureEEPort( String hostname,
+ public String getCertChainUsingSecureEEPort(String hostname,
int https_ee_port,
boolean https,
ConfigCertApprovalCallback
- certApprovalCallback )
+ certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse( hostname, https_ee_port, https,
+ String c = getHttpResponse(hostname, https_ee_port, https,
"/ca/ee/ca/getCertChain", null, null,
- certApprovalCallback );
+ certApprovalCallback);
if (c != null) {
try {
@@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ certchain);
- return certchain;
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
throw e;
@@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel {
}
public boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config,
- HttpServletResponse response) throws IOException {
+ String servlet, String uri, IConfigStore config,
+ HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null);
@@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConfigEntries() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConfigEntries() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel {
} catch (Exception e) {
CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
}
-
- Document doc = parser.getDocument();
+
+ Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
}
}
@@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("preop.internaldb.master.binddn", v);
} else if (name.equals("internaldb.basedn")) {
config.putString(name, v);
- config.putString("preop.internaldb.master.basedn", v);
+ config.putString("preop.internaldb.master.basedn", v);
} else if (name.equals("internaldb.ldapauth.password")) {
config.putString("preop.internaldb.master.bindpwd", v);
} else if (name.equals("internaldb.replication.password")) {
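Review bot: The `internaldb.ldapauth.password` branch stores the master's directory bind password in the config store as an ordinary string under `preop.internaldb.master.bindpwd`, next to non-secret entries such as the base DN. This hunk does not show whether the store is later written to disk or when the entry is removed, so both are worth confirming, along with checking that `v` never reaches `CMS.debug` output for this key. At minimum the branch should carry a comment such as `// secret: master DB bind password; must not be logged or kept after pre-op configuration`. `updateConfigEntries` starts and ends outside this hunk.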
@@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("preop.master.storage.nickname", v);
config.putString("kra.storageUnit.nickName", v);
config.putString("preop.cert.storage.nickname", v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
+ } else if (name.equals("cloning.audit_signing.nickname")) {
config.putString("preop.master.audit_signing.nickname", v);
config.putString("preop.cert.audit_signing.nickname", v);
config.putString(name, v);
@@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
throw e;
@@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::authenticate() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = parser.getValue("Error");
return false;
- }
+ }
} catch (Exception e) {
CMS.debug("WizardPanelBase: authenticate: " + e.toString());
throw new IOException(e.toString());
@@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response)
+ throws IOException {
CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
throw new IOException("The server you want to contact is not available");
@@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
throw e;
@@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
" port=" + port);
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
@@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel {
}
cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateNumberRange: content is null.");
throw new IOException("The server you want to contact is not available");
} else {
- CMS.debug("content="+c);
+ CMS.debug("content=" + c);
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
@@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateNumberRange() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateNumberRange() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
CMS.debug(e);
@@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport)
+ throws IOException {
CMS.debug("WizardPanelBase getPort start");
String c = getHttpResponse(hostname, port, https, portServlet,
"secure=" + sport, null);
@@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getPort: " + e.toString());
throw e;
@@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel {
}
public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
+ String uri, String content, String clientnickname) throws IOException {
return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
}
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
HttpClient httpclient = null;
String c = null;
@@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public boolean isSDHostDomainMaster (IConfigStore config) {
- String dm="false";
+ public boolean isSDHostDomainMaster(IConfigStore config) {
+ String dm = "false";
try {
String hostname = config.getString("securitydomain.host");
int httpsadminport = config.getInteger("securitydomain.httpsadminport");
@@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "Host");
Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
Vector v_domain_mgr =
- parser.getValuesFromContainer( nodeList.item(i),
- "DomainManager" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "DomainManager");
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
- dm = v_domain_mgr.elementAt( 0 ).toString();
+ if (v_hostname.elementAt(0).equals(hostname) &&
+ v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
+ dm = v_domain_mgr.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
return dm.equalsIgnoreCase("true");
}
-
- public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+
+ public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
String type,
- String portType ) {
+ String portType) {
Vector v = new Vector();
try {
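Review bot: `c.getBytes()` in `isSDHostDomainMaster` encodes the domain XML with the platform default charset before handing it to `XMLObject`, so parsing depends on the JVM's locale settings. Naming the charset removes that dependency: `new ByteArrayInputStream(c.getBytes("UTF-8"))`, assuming the security domain emits UTF-8, which this hunk does not show. The same call is reformatted in most of the other response-parsing hunks of this file. Any failure in this block, including a null `c` or an empty `Vector`, is caught and only logged, so the method then answers `false`. A comment on the `catch` saying that this fallback is intended would help the next reader.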
@@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return v;
}
@@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("Len " + len);
for (int i = 0; i < len; i++) {
Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = (String)v_clone.elementAt(0);
+ "Clone");
+ String clone = (String) v_clone.elementAt(0);
if (clone.equalsIgnoreCase("true"))
continue;
Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- v.addElement( v_name.elementAt(0)
+ v.addElement(v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain( IConfigStore config,
+ public Vector getUrlListFromSecurityDomain(IConfigStore config,
String type,
- String portType ) {
+ String portType) {
Vector v = new Vector();
try {
@@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return v;
}
@@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel {
if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
// add security domain CA to the beginning of list
- v.add( 0, v_name.elementAt(0)
+ v.add(0, v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
} else {
- v.addElement( v_name.elementAt(0)
+ v.addElement(v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
}
}
} catch (Exception e) {
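Review bot: `new Integer(httpsadminport).toString()` in the host/port comparison boxes an int only to format it. `isSDHostDomainMaster` in this same file already writes the identical comparison as `Integer.toString(httpsadminport)`, and this line should match it. The `elementAt(0)` calls on the raw `Vector`s also assume every entry carries a name, host and port value; an entry missing one of them would throw and end the loop early through the catch that follows. A short comment stating that assumption, or a size check before indexing, would make the behaviour explicit. The method begins outside this hunk.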
@@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel {
// Given an HTTPS Hostname and EE port,
// retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort( IConfigStore config,
+ public String getSecurityDomainAdminPort(IConfigStore config,
String hostname,
String https_ee_port,
- String cstype ) {
+ String cstype) {
String https_admin_port = new String();
try {
- String sd_hostname = config.getString( "securitydomain.host" );
+ String sd_hostname = config.getString("securitydomain.host");
int sd_httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
+ config.getInteger("securitydomain.httpsadminport");
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
- CMS.debug( "Getting associated HTTPS Admin port from " +
+ CMS.debug("Getting associated HTTPS Admin port from " +
"HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'" );
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ "' and EE port '" + https_ee_port + "'");
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+ NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "Host");
Vector v_https_ee_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+ if (v_hostname.elementAt(0).equals(hostname) &&
+ v_https_ee_port.elementAt(0).equals(https_ee_port)) {
https_admin_port =
- v_https_admin_port.elementAt( 0 ).toString();
+ v_https_admin_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( https_admin_port );
+ return (https_admin_port);
}
- public String getSecurityDomainPort( IConfigStore config,
- String portType ) {
+ public String getSecurityDomainPort(IConfigStore config,
+ String portType) {
String port = new String();
try {
- String hostname = config.getString( "securitydomain.host" );
+ String hostname = config.getString("securitydomain.host");
int httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( hostname, httpsadminport, true );
-
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ config.getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(hostname, httpsadminport, true);
+
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return "";
}
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
Vector v_port = null;
- if( portType.equals( "UnSecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "UnSecurePort" );
- } else if( portType.equals( "SecureAgentPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAgentPort" );
- } else if( portType.equals( "SecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
- } else if( portType.equals( "SecureAdminPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ if (portType.equals("UnSecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "UnSecurePort");
+ } else if (portType.equals("SecureAgentPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAgentPort");
+ } else if (portType.equals("SecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
+ } else if (portType.equals("SecureAdminPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
}
- if( ( v_port != null ) &&
- ( v_admin_port.elementAt( 0 ).equals(
- Integer.toString( httpsadminport ) ) ) ) {
- port = v_port.elementAt( 0 ).toString();
+ if ((v_port != null) &&
+ (v_admin_port.elementAt(0).equals(
+ Integer.toString(httpsadminport)))) {
+ port = v_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( port );
+ return (port);
}
- public String pingCS( String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback )
- throws IOException {
- CMS.debug( "WizardPanelBase pingCS: started" );
+ public String pingCS(String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
+ CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse( hostname, port, https,
- "/ca/admin/ca/getStatus",
- null, null, certApprovalCallback );
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/admin/ca/getStatus",
+ null, null, certApprovalCallback);
- if( c != null ) {
+ if (c != null) {
try {
ByteArrayInputStream bis = new
- ByteArrayInputStream( c.getBytes() );
+ ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
String state = null;
try {
- parser = new XMLObject( bis );
- CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
- state = parser.getValue( "State" );
+ parser = new XMLObject(bis);
+ CMS.debug("WizardPanelBase pingCS: got XML parsed");
+ state = parser.getValue("State");
- if( state != null ) {
- CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ if (state != null) {
+ CMS.debug("WizardPanelBase pingCS: state=" + state);
}
} catch (Exception e) {
- CMS.debug( "WizardPanelBase: pingCS: parser failed"
- + e.toString() );
+ CMS.debug("WizardPanelBase: pingCS: parser failed"
+ + e.toString());
}
return state;
- } catch( Exception e ) {
- CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
- throw new IOException( e.toString() );
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+ throw new IOException(e.toString());
}
}
- CMS.debug( "WizardPanelBase pingCS: stopped" );
+ CMS.debug("WizardPanelBase pingCS: stopped");
return null;
}
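Review bot: In getSecurityDomainAdminPort and getSecurityDomainPort every failure ends in `catch (Exception e)` and the method returns the empty string, which a caller cannot tell apart from "no matching entry". That covers a null reply from getDomainXML and, if getValuesFromContainer returns an empty Vector for a missing child, the exception thrown by `elementAt(0)`. The values come from a domain.xml fetched from another host, so the shape should be checked rather than assumed: `if (v_hostname.isEmpty() || v_https_ee_port.isEmpty() || v_https_admin_port.isEmpty()) continue;` before the comparison, and the same for `v_admin_port` in getSecurityDomainPort. `c.getBytes()` also encodes with the platform default charset, so passing an explicit charset would keep parsing identical across hosts. How XMLObject configures its parser is not visible here, so whether it rejects DTDs and external entities should be confirmed.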
@@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel {
if (s.equals("CA")) {
x = "ca";
} else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
} else if (s.equals("OCSP")) {
x = "ocsp";
} else if (s.equals("TKS")) {
@@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel {
return x;
}
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+ String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getTokenInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getTokenInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel {
Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
v = n2.item(0).getNodeValue();
- break;
+ break;
}
}
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString(type + ".cert.signing.nickname", v);
config.putString(name, v);
@@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel {
}
// reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
+ String token = config.getString("preop.module.token",
"Internal Key Storage Token");
- if (! token.equals("Internal Key Storage Token")) {
+ if (!token.equals("Internal Key Storage Token")) {
String certlist = config.getString("preop.cert.list");
StringTokenizer t1 = new StringTokenizer(certlist, ",");
while (t1.hasMoreTokens()) {
String tag = t1.nextToken();
- if (tag.equals("sslserver")) continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
+ if (tag.equals("sslserver"))
+ continue;
+ config.putString(type + ".cert." + tag + ".nickname",
+ token + ":" +
+ config.getString(type + ".cert." + tag + ".nickname", ""));
+ }
}
} else {
String error = parser.getValue("Error");
@@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
throw new IOException(e.toString());
}
- }
+ }
}
public void importCertChain(String id) throws IOException {
@@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel {
try {
pkcs7 = config.getString(configName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (pkcs7.length() > 0) {
try {
CryptoUtil.importCertificateChain(pkcs7);
} catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+ CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
}
}
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain( config, name, host, https_admin_port,
- https, context, null );
+ int https_admin_port, boolean https, Context context) throws IOException {
+ updateCertChain(config, name, host, https_admin_port,
+ https, context, null);
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort( host,
+ int https_admin_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureAdminPort(host,
https_admin_port,
https,
- certApprovalCallback );
- config.putString("preop."+name+".pkcs7", certchain);
+ certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
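Review bot: importCertChain declares `throws IOException` but never reports a failure: the config read sits in an empty `catch (Exception e) { }`, and a failed `CryptoUtil.importCertificateChain(pkcs7)` is only written to the debug log, so the caller proceeds as if the chain had been imported. The empty catch should at least log, e.g. `CMS.debug("WizardPanelBase importCertChain: cannot read " + configName + ": " + e.toString());`. If callers are expected to stop when the chain cannot be imported, the second catch should end with `throw new IOException("importCertChain: " + e.toString());`. The existing log prefix names DisplayCertChainPanel although the hunk header places this code in WizardPanelBase. The method starts before this hunk.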
@@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
context.put("errorString",
- "Failed to get the certificate chain.");
+ "Failed to get the certificate chain.");
return;
}
@@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateCertChainUsingSecureEEPort( IConfigStore config,
+ public void updateCertChainUsingSecureEEPort(IConfigStore config,
String name, String host,
int https_ee_port,
boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
- String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+ Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
https,
certApprovalCallback);
- config.putString("preop."+name+".pkcs7", certchain);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
context.put("errorString",
- "Failed to get the certificate chain.");
+ "Failed to get the certificate chain.");
return;
}
@@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel {
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname+":"+nickname;
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal"))
+ fullnickname = tokenname + ":" + nickname;
- CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
+ CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
if (store instanceof PK11Store) {
CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(cert);
CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
}
}
public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
+ String dn, String[] entries) {
String[] attrs = null;
LDAPSearchConstraints cons = null;
String filter = "objectclass=*";
@@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel {
}
}
} catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+ CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
}
}
public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
try {
- for (int i=0; i<entries.length; i++) {
+ for (int i = 0; i < entries.length; i++) {
if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+ CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
return;
}
}
- CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+ CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
conn.delete(dn);
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
}
}
@@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel {
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
- CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+ CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString());
}
}
}
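Review bot: `cs.getInteger("pkicreate.admin_secure_port", -1)` falls back to -1, and that value is concatenated straight into `urlVal`, so a missing setting yields a return URL with port -1 inside the redirect. Check it before building the URL: `if (cs_port <= 0) { CMS.debug("WizardPanelBase reloginSecurityDomain: admin_secure_port not set"); return; }`. `subsystem` is appended to the query string of `urlVal` without its own encoding; only the finished `urlVal` is passed through `URLEncoder.encode`, so the inner parameter should be encoded separately if `cs.type` can ever contain reserved characters. The start of the method, including where `hostname` and `port` for the redirect target come from, is outside this hunk.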
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
index bbfa4b39..c7532c7a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AdminRequestFilter implements Filter
-{
+public class AdminRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Admin";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AdminRequestFilter */
- public AdminRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AdminRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the admin filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
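Review bot: The text handed to `resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg)` names the HTTPS port and the proxy port configured for Admin tasks, so a client that reaches the wrong connector is told where the admin interface listens. `msg` is already written with `CMS.debug`, so the response can drop it: `resp.sendError(HttpServletResponse.SC_NOT_FOUND);`. The same message construction appears in the matching hunks of AgentRequestFilter and EEClientAuthRequestFilter. doFilter starts and ends outside this hunk.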
@@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter
// CMS.debug("Exiting the admin filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
index 1ae44a64..4225aed7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AgentRequestFilter implements Filter
-{
+public class AgentRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Agent";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AgentRequestFilter */
- public AgentRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AgentRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the agent filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
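Review bot: With `active` set to `false`, a request that arrived on the wrong port is not rejected; as far as this hunk shows, the only trace is the debug line `Filter is disabled .. continuing`, and nothing records at startup that port separation for Agent tasks is off. I would document the switch at the branch, `// active=false disables the port check for this role: requests on any HTTPS port continue down the chain`, and log the setting once in init(), whose body is outside this hunk. The comparison is an exact match on "false", so any other value, including "False", keeps the check on; that fails closed and is worth stating in the same comment. AdminRequestFilter and EEClientAuthRequestFilter carry the same branch.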
@@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter
}
// CMS.debug("Exiting the Agent filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
index 8b53c6c6..8c62cd31 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EEClientAuthRequestFilter implements Filter
-{
+public class EEClientAuthRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "EE Client Auth";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new EEClientAuthRequestFilter */
- public EEClientAuthRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EEClientAuthRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter
String param_proxy_port = null;
// CMS.debug("Entering the EECA filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
}
}
- // CMS.debug("exiting the EECA filter");
+ // CMS.debug("exiting the EECA filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
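Review bot: With `active` set to "false", the `if (bad_port)` branch only writes `Filter is disabled .. continuing` through CMS.debug and the request still reaches `chain.doFilter`, so a request on the wrong port is accepted with nothing but a debug line to show for it. That deserves a comment at the branch, for example `// active=false: a port mismatch is logged only, the request is NOT rejected`. The log line would also be easier to correlate if it carried the filter name like the two lines above it: `CMS.debug(filterName + ": filter is disabled, continuing");`. Only the exact string "false" turns enforcement off, so a typo in web.xml fails closed; the same comment should say so. The identical branch appears twice in EERequestFilter.doFilter (hunk `@@ -119,58 +117,58 @@`).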
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
index f66cf087..8a8bea01 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
@@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EERequestFilter implements Filter
-{
+public class EERequestFilter implements Filter {
private static final String HTTP_SCHEME = "http";
private static final String HTTP_PORT = "http_port";
private static final String HTTP_ROLE = "EE";
@@ -40,22 +39,21 @@ public class EERequestFilter implements Filter
private static final String PROXY_HTTP_PORT = "proxy_http_port";
private FilterConfig config;
-
+
/* Create a new EERequestFilter */
- public EERequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EERequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -70,45 +68,45 @@ public class EERequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the EE filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is either "http" or "https"
scheme = request.getScheme();
- if( ( ! scheme.equals( HTTP_SCHEME ) ) &&
- ( ! scheme.equals( HTTPS_SCHEME ) ) ) {
+ if ((!scheme.equals(HTTP_SCHEME)) &&
+ (!scheme.equals(HTTPS_SCHEME))) {
msg = "The scheme MUST be either '" + HTTP_SCHEME
- + "' or '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
- return;
+ + "' or '" + HTTPS_SCHEME
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return;
}
// Always obtain either an "http" or an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "http" port passed in as a parameter
- param_http_port = config.getInitParameter( HTTP_PORT );
- if( param_http_port == null ) {
+ param_http_port = config.getInitParameter(HTTP_PORT);
+ if (param_http_port == null) {
msg = "The <param-name> '" + HTTP_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
@@ -119,58 +117,58 @@ public class EERequestFilter implements Filter
// the request and param "http" ports;
// otherwise, if the scheme is "https", compare
// the request and param "https" ports
- if( scheme.equals( HTTP_SCHEME ) ) {
- if( ! param_http_port.equals( request_port ) ) {
+ if (scheme.equals(HTTP_SCHEME)) {
+ if (!param_http_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_http_port != null) {
+ if (param_proxy_http_port != null) {
if (!param_proxy_http_port.equals(request_port)) {
msg = "Use HTTP port '" + param_http_port
- + "' or proxy port '" + param_proxy_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_http_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTP_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTP port '" + param_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTP_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
}
- } else if( scheme.equals( HTTPS_SCHEME ) ) {
- if( ! param_https_port.equals( request_port ) ) {
+ } else if (scheme.equals(HTTPS_SCHEME)) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -180,11 +178,9 @@ public class EERequestFilter implements Filter
}
// CMS.debug("Exiting the EE filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
index 166036a9..d7c3ffae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -43,13 +42,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* A class representing a recoverKey servlet. This servlet
* shows key information and presents a list of text boxes
* so that recovery agents can type in their identifiers
* and passwords.
- *
+ *
* @version $Revision$, $Date$
*/
public class ConfirmRecoverBySerial extends CMSServlet {
@@ -59,8 +57,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
*/
private static final long serialVersionUID = 2221819191344494389L;
private final static String INFO = "recoverBySerial";
- private final static String TPL_FILE =
- "confirmRecoverBySerial.template";
+ private final static String TPL_FILE =
+ "confirmRecoverBySerial.template";
private final static String IN_SERIALNO = "serialNumber";
private final static String OUT_SERIALNO = IN_SERIALNO;
@@ -95,22 +93,22 @@ public class ConfirmRecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Serves HTTP request. The format of this request is
+ * Serves HTTP request. The format of this request is
* as follows:
- * confirmRecoverBySerial?
- * [serialNumber=<serialno>]
+ * confirmRecoverBySerial?
+ * [serialNumber=<serialno>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
// Note that we should try to handle all the exceptions
// instead of passing it up back to the servlet
// framework.
-
+
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -123,9 +121,9 @@ public class ConfirmRecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -147,8 +145,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
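Review bot: The `NumberFormatException` handler puts `e.toString()` into the `OUT_ERROR` value, and that exception text quotes the rejected input, so client-supplied data reaches the rendered page. Whether the template layer escapes it is not visible in this hunk. Passing a fixed description avoids the question, e.g. `CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", "invalid serial number")`, with the exception text sent to the log instead. The same handler appears in DisplayBySerial (`@@ -159,7 +157,7 @@`) and DisplayBySerialForRecovery (`@@ -159,12 +157,12 @@`), where the `Integer.parseInt(req.getParameter(IN_SERIALNO))` call that feeds it is visible. The enclosing try block starts outside this hunk.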
@@ -157,10 +155,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -169,17 +167,17 @@ public class ConfirmRecoverBySerial extends CMSServlet {
* Requests for a list of agent passwords.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addIntegerValue(OUT_SERIALNO, seq);
header.addIntegerValue(OUT_M,
- mRecoveryService.getNoOfRequiredAgents());
+ mRecoveryService.getNoOfRequiredAgents());
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
Integer.toString(seq)));
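Review bot: `header.addStringValue(OUT_OP, req.getParameter(OUT_OP))` copies a request parameter straight into the values handed to the template, with no check against the operations this servlet expects. If the template output is not escaped downstream (not visible here), request data is reflected on a key-recovery page. A comment such as `// op comes from the request unvalidated; the template layer must escape it` would at least record the assumption. The same line appears in the private process methods of DisplayBySerial, DisplayBySerialForRecovery and ExamineRecovery. The method body continues outside the hunk.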
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
index 510f1ac3..a3490d89 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display a specific Key Archival Request
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerial.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet {
* <ul>
* <li>http.param serialNumber serial number of the key archival request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
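Review bot: Both catch arms log the same `ADMIN_SRVLT_AUTH_FAILURE` message, so an access denial and an unexpected failure inside the authorization call look identical in the log. That distinction matters when triaging denied key-record reads. The `catch (Exception e)` arm should carry a comment like `// unexpected error during authorization, treated as a denial` and ideally a log message of its own. Rejection relies on the `authzToken == null` test that follows, whose body lies outside the hunk. The same pair of handlers is in DisplayBySerialForRecovery (`@@ -121,10 +119,10 @@`) and ExamineRecovery (`@@ -127,10 +125,10 @@`).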
@@ -137,9 +135,9 @@ public class DisplayBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
@@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet {
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
@@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular key.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
+ req.getRequestURI());
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
index 2ef78c64..1ef0ba40 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display a Specific Key Archival Request, and initiate
* key recovery process
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerialForRecovery extends CMSServlet {
@@ -80,7 +78,7 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerialForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,17 +93,17 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param serialNumber request ID of key archival request
- * <li>http.param publicKeyData
+ * <li>http.param serialNumber request ID of key archival request
+ * <li>http.param publicKeyData
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -121,10 +119,10 @@ public class DisplayBySerialForRecovery extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -139,9 +137,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
@@ -159,12 +157,12 @@ public class DisplayBySerialForRecovery extends CMSServlet {
seqNum = Integer.parseInt(
req.getParameter(IN_SERIALNO));
}
- process(argSet, header,
- req.getParameter("publicKeyData"),
- seqNum, req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("publicKeyData"),
+ seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (Exception e) {
e.printStackTrace();
System.out.println(e.toString());
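Review bot: The `catch (Exception e)` arm reports failures with `e.printStackTrace()` and `System.out.println(e.toString())`, bypassing the `log(ILogger.LL_FAILURE, ...)` call that the other handlers visible in this file use. Nothing in the hunk records the failure in `header` either. On a servlet that starts key recovery, an error that only reaches stdout is easy to miss, and the page may render as if nothing went wrong. Replacing both calls with `log(ILogger.LL_FAILURE, e.toString());` keeps the event in the same log as the other failures. The catch block closes outside the hunk, so any handling after these two lines is not visible.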
@@ -176,9 +174,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -187,23 +185,23 @@ public class DisplayBySerialForRecovery extends CMSServlet {
* Display information about a particular key.
*/
private synchronized void process(CMSTemplateParams argSet,
- IArgBlock header, String publicKeyData, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String publicKeyData, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addIntegerValue("noOfRequiredAgents",
- mService.getNoOfRequiredAgents());
+ mService.getNoOfRequiredAgents());
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
+ CMS.getConfigStore().getString("kra.keySplitting"));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
if (publicKeyData != null) {
header.addStringValue("publicKeyData",
- publicKeyData);
+ publicKeyData);
}
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
index d4baf181..a86a676b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -34,11 +33,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve Transport Certificate used to
+ * Retrieve Transport Certificate used to
* wrap Private key Archival requests
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayTransport extends CMSServlet {
@@ -67,13 +65,13 @@ public class DisplayTransport extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -98,21 +96,21 @@ public class DisplayTransport extends CMSServlet {
}
try {
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) mAuthority;
+ IKeyRecoveryAuthority kra =
+ (IKeyRecoveryAuthority) mAuthority;
ITransportKeyUnit tu = kra.getTransportKeyUnit();
org.mozilla.jss.crypto.X509Certificate transportCert =
- tu.getCertificate();
+ tu.getCertificate();
resp.setStatus(HttpServletResponse.SC_OK);
resp.setContentType("text/html");
- String content = "";
+ String content = "";
content += "<HTML><PRE>";
- String mime64 =
- "-----BEGIN CERTIFICATE-----\n" +
- CMS.BtoA(transportCert.getEncoded()) +
- "-----END CERTIFICATE-----\n";
+ String mime64 =
+ "-----BEGIN CERTIFICATE-----\n" +
+ CMS.BtoA(transportCert.getEncoded()) +
+ "-----END CERTIFICATE-----\n";
content += mime64;
content += "</PRE></HTML>";
@@ -120,9 +118,9 @@ public class DisplayTransport extends CMSServlet {
resp.getOutputStream().write(content.getBytes());
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
index 9fbad7a6..bc23e635 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * View the Key Recovery Request
- *
+ * View the Key Recovery Request
+ *
* @version $Revision$, $Date$
*/
public class ExamineRecovery extends CMSServlet {
@@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet {
* <ul>
* <li>http.param recoveryID recovery request ID
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet {
EBaseException error = null;
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("recoveryID"),
+ req, resp, locale[0]);
} catch (EBaseException e) {
error = e;
} catch (Exception e) {
@@ -184,12 +182,12 @@ public class ExamineRecovery extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
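Review bot: In the `xml` branch only `outputXML(resp, argSet)` is called, while `cmsReq.setStatus(CMSRequest.SUCCESS)` sits in the HTML branch alone. Unless outputXML sets the status itself (not visible here), a successful XML response leaves the request status at whatever it was before. If that is intended, a comment in the branch should say so, e.g. `// outputXML sets the request status itself`; otherwise the `cmsReq.setStatus(CMSRequest.SUCCESS);` call belongs after the inner if/else. The surrounding try block starts and ends outside the hunk.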
@@ -197,9 +195,9 @@ public class ExamineRecovery extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -208,41 +206,40 @@ public class ExamineRecovery extends CMSServlet {
* provided by the administrator.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ IArgBlock header, String recoveryID,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
+ CMS.getConfigStore().getString("kra.keySplitting"));
Hashtable params = mService.getRecoveryParams(
recoveryID);
if (params == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
- String keyID = (String)params.get("keyID");
- header.addStringValue("serialNumber", keyID);
+ String keyID = (String) params.get("keyID");
+ header.addStringValue("serialNumber", keyID);
header.addStringValue("recoveryID", recoveryID);
- IKeyRepository mKeyDB =
- ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
+ IKeyRepository mKeyDB =
+ ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(keyID));
KeyRecordParser.fillRecordIntoArg(rec, header);
-
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Error e " + e);
throw e;
- }
+ }
/*
catch (Exception e) {
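Review bot: `recoveryID` comes from `req.getParameter("recoveryID")` in the public process method and, in the `params == null` branch, is passed unchanged into both `CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)` and the user-facing `CMS_GW_NO_RECOVERY_TOKEN_FOUND` message. Whether either routine neutralises line breaks or markup is not visible here. Checking the ID's format before it is used, or at least a comment such as `// recoveryID is request-supplied; log and message layers must neutralise it`, would make the assumption explicit. Further down, `new BigInteger(keyID)` runs on a value read from the raw `Hashtable` with no null check, and the only live handler in this method catches `EBaseException`. GetApprovalStatus has the same `params == null` branch (`@@ -148,12 +146,12 @@`); this method continues outside the hunk.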
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
index 4bd4d45b..79bb937e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check to see if a Key Recovery Request has been approved
- *
+ *
* @version $Revision$, $Date$
*/
public class GetApprovalStatus extends CMSServlet {
@@ -81,7 +79,7 @@ public class GetApprovalStatus extends CMSServlet {
* initialize the servlet. This servlet uses the template files
* "getApprovalStatus.template" and "finishRecovery.template"
* to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet {
* <ul>
* <li>http.param recoveryID request ID to check
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet {
if (params == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ (String) params.get("keyID"));
int requiredNumber = mService.getNoOfRequiredAgents();
@@ -174,7 +172,7 @@ public class GetApprovalStatus extends CMSServlet {
if (pkcs12 != null) {
rComplete = 1;
- header.addStringValue(OUT_STATUS, "complete");
+ header.addStringValue(OUT_STATUS, "complete");
/*
mService.destroyRecoveryParams(recoveryID);
@@ -193,8 +191,8 @@ public class GetApprovalStatus extends CMSServlet {
*/
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(recoveryID));
rComplete = 1;
} else {
// pk12 hasn't been created yet.
@@ -210,16 +208,16 @@ public class GetApprovalStatus extends CMSServlet {
mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
} else {
mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
- }
+ }
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
ServletOutputStream out = resp.getOutputStream();
@@ -228,9 +226,9 @@ public class GetApprovalStatus extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index cea08af3..4a962838 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Locale;
@@ -42,11 +41,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get the recovered key in PKCS#12 format
- * - for asynchronous key recovery only
- *
+ * - for asynchronous key recovery only
+ *
*/
public class GetAsyncPk12 extends CMSServlet {
@@ -67,13 +65,11 @@ public class GetAsyncPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -87,7 +83,7 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishAsyncRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +99,8 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -112,7 +108,7 @@ public class GetAsyncPk12 extends CMSServlet {
* <ul>
* <li>http.param reqID request id for recovery
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +128,10 @@ public class GetAsyncPk12 extends CMSServlet {
mAuthzResourceName, "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +146,9 @@ public class GetAsyncPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -173,9 +169,9 @@ public class GetAsyncPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetAsyncPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetAsyncPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
String initAgent = "undefined";
@@ -183,18 +179,18 @@ public class GetAsyncPk12 extends CMSServlet {
if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
- reqID, initAgent));
+ CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
+ reqID, initAgent));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
- reqID, initAgent));
+ CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
+ reqID, initAgent));
}
// The async recovery request must be in "approved" state
// i.e. all required # of recovery agents approved
if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
- throw new EBaseException( "# required recovery agents not met" );
+ throw new EBaseException("# required recovery agents not met");
}
String password = req.getParameter(IN_PASSWORD);
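Review bot: The wrong-agent rejection at `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", reqID, initAgent))` and the not-approved rejection below it both leave through an exception, while the only signed-audit FAILURE record visible in this file sits near the end of process(). A refused attempt to download a recovered key may therefore never reach the signed audit log. Unless a handler outside this hunk already audits these paths, emit the record before each throw, e.g. `audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, agent, ILogger.FAILURE, reqID, ""));`. The user-facing message also returns `initAgent` to a caller who has just been shown not to be that agent; keeping it in the `LL_SECURITY` log line only would avoid the disclosure. GetPk12.java has the same pattern in its `@@ -181,26 +177,26 @@` hunk, and process() starts and ends outside this hunk.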
@@ -202,11 +198,11 @@ public class GetAsyncPk12 extends CMSServlet {
if (password == null || password.equals("")) {
header.addStringValue(OUT_ERROR, "PKCS12 password not found");
- throw new EBaseException( "PKCS12 password not found" );
+ throw new EBaseException("PKCS12 password not found");
}
if (passwordAgain == null || !passwordAgain.equals(password)) {
header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
- throw new EBaseException( "PKCS12 password not matched" );
+ throw new EBaseException("PKCS12 password not matched");
}
// got all approval, return pk12
@@ -219,23 +215,23 @@ public class GetAsyncPk12 extends CMSServlet {
mRenderResult = false;
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- reqID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ reqID,
+ "");
- audit(auditMessage);
+ audit(auditMessage);
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(reqID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(reqID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
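Review bot: In the `catch (IOException e)` branch, `e.toString()` is put into `OUT_ERROR`, so the exception class and message go into the client-facing error value and, as far as this hunk shows, are never logged. Log the exception server-side and give the client a fixed argument instead, e.g. `log(ILogger.LL_FAILURE, "GetAsyncPk12: writing PKCS#12 failed: " + e);` followed by `header.addStringValue(OUT_ERROR, CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", "PKCS#12 delivery failed"));`. The same construction appears in GetPk12.java (`@@ -213,23 +209,23 @@`) and in the `NumberFormatException` handlers of GrantAsyncRecovery.java and GrantRecovery.java. The enclosing method extends beyond this hunk.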
@@ -245,11 +241,11 @@ public class GetAsyncPk12 extends CMSServlet {
if ((agent != null) && (reqID != null)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- reqID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ reqID,
+ "");
audit(auditMessage);
}
@@ -261,9 +257,9 @@ public class GetAsyncPk12 extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index b3651774..f27e966d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get the recovered key in PKCS#12 format
- *
+ *
* @version $Revision$, $Date$
*/
public class GetPk12 extends CMSServlet {
@@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet {
* <ul>
* <li>http.param recoveryID ID of request to recover
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet {
mAuthzResourceName, "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet {
if (params == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
// only the init DRM agent can get the pkcs12
@@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
- String initAgent = (String) params.get("agent");
+ String initAgent = (String) params.get("agent");
if (!agent.equals(initAgent)) {
log(ILogger.LL_SECURITY,
-
- CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
+
+ CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
recoveryID,
initAgent));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT",
- agent, initAgent, recoveryID));
+ CMS.getUserMessage("CMS_GW_INVALID_AGENT",
+ agent, initAgent, recoveryID));
}
header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ (String) params.get("keyID"));
// got all approval, return pk12
byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
@@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet {
mRenderResult = false;
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- recoveryID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ recoveryID,
+ "");
audit(auditMessage);
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(recoveryID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
@@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet {
if ((agent != null) && (recoveryID != null)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- recoveryID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ recoveryID,
+ "");
audit(auditMessage);
}
@@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index a868f47c..dad21487 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve an asynchronous key recovery request
- *
+ *
*/
public class GrantAsyncRecovery extends CMSServlet {
@@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantAsyncRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet {
* <ul>
* <li>http.param reqID request ID of the request to approve
* <li>http.param agentID User ID of the agent approving the request
-
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet {
CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
try {
- process(argSet, header,
- req.getParameter("reqID"),
- agentID,
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("reqID"),
+ agentID,
+ req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
@@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -186,12 +185,11 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Update agent approval list
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
- * whenever DRM agents login as recovery agents to approve key recovery
- * requests
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reqID string containing the recovery request ID
@@ -201,10 +199,10 @@ public class GrantAsyncRecovery extends CMSServlet {
* @param locale the system locale
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String reqID,
- String agentID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String reqID,
+ String agentID,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequestID = reqID;
@@ -234,9 +232,9 @@ public class GrantAsyncRecovery extends CMSServlet {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
// update approving agent list
mService.addAgentAsyncKeyRecovery(reqID, agentID);
@@ -281,4 +279,3 @@ public class GrantAsyncRecovery extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index 9a7238be..a7069644 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve a key recovery request
- *
+ *
* @version $Revision$, $Date$
*/
public class GrantRecovery extends CMSServlet {
@@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
* <li>http.param recoveryID ID of the request to approve
- * <li>http.param agentID User ID of the agent approving the request
- * <li>http.param agentPWD Password of the agent approving the request
-
+ * <li>http.param agentID User ID of the agent approving the request
+ * <li>http.param agentPWD Password of the agent approving the request
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet {
agentID = req.getParameter("agentID");
}
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- agentID,
- req.getParameter("agentPWD"),
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("recoveryID"),
+ agentID,
+ req.getParameter("agentPWD"),
+ req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
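Review bot: `req.getParameter("agentPWD")` accepts the agent password from the query string as well as from a form body, and nothing in this hunk restricts the request method. The credential can therefore end up in URLs, access logs and browser history. If no POST-only check exists elsewhere in the servlet or its base class, add one before the parameter is read, e.g. `if (!"POST".equalsIgnoreCase(req.getMethod()))` leading into the servlet's usual error path. A comment above the call, such as `// agentPWD is a recovery credential: never log it or copy it into header/argSet`, would also help the next maintainer. process(CMSRequest) starts before this hunk.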
@@ -182,9 +180,9 @@ public class GrantRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -193,12 +191,11 @@ public class GrantRecovery extends CMSServlet {
* Recovers a key. The p12 will be protected by the password
* provided by the administrator.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
- * whenever DRM agents login as recovery agents to approve key recovery
- * requests
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param recoveryID string containing the recovery ID
@@ -209,10 +206,10 @@ public class GrantRecovery extends CMSServlet {
* @param locale the system locale
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- String agentID, String agentPWD,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String recoveryID,
+ String agentID, String agentPWD,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRecoveryID = recoveryID;
@@ -242,15 +239,15 @@ public class GrantRecovery extends CMSServlet {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
Hashtable h = mService.getRecoveryParams(recoveryID);
if (h == null) {
- header.addStringValue(OUT_ERROR,
- "No such token found");
+ header.addStringValue(OUT_ERROR,
+ "No such token found");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -265,13 +262,13 @@ public class GrantRecovery extends CMSServlet {
return;
}
header.addStringValue("serialNumber",
- (String) h.get("keyID"));
+ (String) h.get("keyID"));
mService.addDistributedCredential(recoveryID, agentID, agentPWD);
header.addStringValue("agentID",
- agentID);
+ agentID);
header.addStringValue("recoveryID",
- recoveryID);
+ recoveryID);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -310,4 +307,3 @@ public class GrantRecovery extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 9ce8585f..1171236b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.util.Date;
import com.netscape.certsrv.apps.CMS;
@@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord;
/**
* Output a 'pretty print' of a Key Archival record
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyRecordParser {
@@ -44,28 +43,27 @@ public class KeyRecordParser {
public final static String OUT_RECOVERED_BY = "recoveredBy";
public final static String OUT_RECOVERED_ON = "recoveredOn";
-
/**
* Fills key record into argument block.
*/
- public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
- throws EBaseException {
+ public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
+ throws EBaseException {
if (rec == null)
return;
rarg.addStringValue(OUT_STATE,
- rec.getState().toString());
+ rec.getState().toString());
rarg.addStringValue(OUT_OWNER_NAME,
- rec.getOwnerName());
+ rec.getOwnerName());
rarg.addIntegerValue(OUT_SERIALNO,
- rec.getSerialNumber().intValue());
+ rec.getSerialNumber().intValue());
rarg.addStringValue(OUT_KEY_ALGORITHM,
- rec.getAlgorithm());
+ rec.getAlgorithm());
// Possible Enhancement: sun's BASE64Encode is not
// fast. We may may to have our native implmenetation.
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
rarg.addStringValue(OUT_PUBLIC_KEY,
- pp.toHexString(rec.getPublicKeyData(), 0, 20));
+ pp.toHexString(rec.getPublicKeyData(), 0, 20));
Integer keySize = rec.getKeySize();
if (keySize == null) {
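Review bot: `rec.getSerialNumber().intValue()` keeps only the low 32 bits of the serial, so a key record whose serial exceeds the int range would be shown to the agent under a different number than the one it is stored and recovered by. Other code in this commit builds the lookup key with `new BigInteger(keyID)`, which suggests the serial is a BigInteger. Passing the full value avoids the truncation, e.g. `rarg.addStringValue(OUT_SERIALNO, rec.getSerialNumber().toString());`. That only works if the templates reading this argument accept a string, which needs checking against template files that are not part of this diff. fillRecordIntoArg continues past the end of this hunk.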
@@ -74,16 +72,16 @@ public class KeyRecordParser {
rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
}
rarg.addStringValue(OUT_ARCHIVED_BY,
- rec.getArchivedBy());
+ rec.getArchivedBy());
rarg.addLongValue(OUT_ARCHIVED_ON,
- rec.getCreateTime().getTime() / 1000);
+ rec.getCreateTime().getTime() / 1000);
Date dateOfRevocation[] = rec.getDateOfRevocation();
if (dateOfRevocation != null) {
- rarg.addStringValue(OUT_RECOVERED_BY,
- "null");
- rarg.addStringValue(OUT_RECOVERED_ON,
- "null");
+ rarg.addStringValue(OUT_RECOVERED_BY,
+ "null");
+ rarg.addStringValue(OUT_RECOVERED_ON,
+ "null");
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..8abafa15 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
/**
* A class representing a recoverBySerial servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,22 @@ public class RecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP request. The format of this request is as follows:
- * recoverBySerial?
- * [serialNumber=<number>]
- * [uid#=<uid>]
- * [pwd#=<password>]
- * [localAgents=yes|null]
- * [recoveryID=recoveryID]
- * [pkcs12Password=<password of pkcs12>]
- * [pkcs12PasswordAgain=<password of pkcs12>]
- * [pkcs12Delivery=<delivery mechanism for pkcs12>]
- * [cert=<encryption certificate>]
+ * recoverBySerial?
+ * [serialNumber=<number>]
+ * [uid#=<uid>]
+ * [pwd#=<password>]
+ * [localAgents=yes|null]
+ * [recoveryID=recoveryID]
+ * [pkcs12Password=<password of pkcs12>]
+ * [pkcs12PasswordAgain=<password of pkcs12>]
+ * [pkcs12Delivery=<delivery mechanism for pkcs12>]
+ * [cert=<encryption certificate>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
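Review bot: The Javadoc for `process(CMSRequest)` presents `pwd#`, `pkcs12Password` and `pkcs12PasswordAgain` as parameters of a `recoverBySerial?` URL without saying how these secrets must be transported. I would add a sentence to the comment such as `Credential and PKCS #12 password parameters must be sent in the body of a POST over TLS; a query string would place them in access logs and browser history.` Whether the servlet rejects GET for these parameters is not visible here, so that may need enforcing as well as documenting. The method body starts at the last line of the hunk and continues outside it.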
@@ -138,10 +137,10 @@ public class RecoverBySerial extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -156,9 +155,9 @@ public class RecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -197,46 +196,46 @@ public class RecoverBySerial extends CMSServlet {
also be listed in the request.
*/
if ((initAsyncRecovery != null) &&
- initAsyncRecovery.equalsIgnoreCase("ON")) {
- process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter(IN_CERT),
- req, resp, locale[0]);
-
- int requiredNumber = mService.getNoOfRequiredAgents();
- header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+ initAsyncRecovery.equalsIgnoreCase("ON")) {
+ process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter(IN_CERT),
+ req, resp, locale[0]);
+
+ int requiredNumber = mService.getNoOfRequiredAgents();
+ header.addIntegerValue("noOfRequiredAgents", requiredNumber);
} else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID != null && !recoveryID.equals("")) {
- ctx.put(SessionContext.RECOVERY_ID,
- req.getParameter("recoveryID"));
+ ctx.put(SessionContext.RECOVERY_ID,
+ req.getParameter("recoveryID"));
+ }
+ byte pkcs12[] = process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter("localAgents"),
+ req.getParameter(IN_PASSWORD),
+ req.getParameter(IN_PASSWORD_AGAIN),
+ req.getParameter(IN_CERT),
+ req.getParameter(IN_DELIVERY),
+ req.getParameter(IN_NICKNAME),
+ req, resp, locale[0]);
+
+ if (pkcs12 != null) {
+ //resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("application/x-pkcs12");
+ //resp.setContentLength(pkcs12.length);
+ resp.getOutputStream().write(pkcs12);
+ mRenderResult = false;
+ return;
}
- byte pkcs12[] = process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter("localAgents"),
- req.getParameter(IN_PASSWORD),
- req.getParameter(IN_PASSWORD_AGAIN),
- req.getParameter(IN_CERT),
- req.getParameter(IN_DELIVERY),
- req.getParameter(IN_NICKNAME),
- req, resp, locale[0]);
-
- if (pkcs12 != null) {
- //resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("application/x-pkcs12");
- //resp.setContentLength(pkcs12.length);
- resp.getOutputStream().write(pkcs12);
- mRenderResult = false;
- return;
- }
}
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} finally {
SessionContext.releaseContext();
}
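Review bot: The branch that writes the recovered PKCS #12 to the response sets only the content type before `resp.getOutputStream().write(pkcs12)`, so nothing visible here stops an intermediary or the browser from caching the recovered key material. Unless the base servlet or a filter already does this, I would add `resp.setHeader("Cache-Control", "no-store");` next to `setContentType`. Separately, both catch blocks put `e.toString()` into the user-facing `OUT_ERROR` message; the exception detail belongs in the log, with only the generic message returned to the client. The enclosing method starts and ends outside this hunk.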
@@ -249,9 +248,9 @@ public class RecoverBySerial extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +259,10 @@ public class RecoverBySerial extends CMSServlet {
/**
* Async Key Recovery - request initiation
*/
- private void process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String cert,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplate form, CMSTemplateParams argSet,
+ IArgBlock header, String seq, String cert,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
// seq is the key id
if (seq == null) {
@@ -291,22 +290,22 @@ public class RecoverBySerial extends CMSServlet {
try {
String reqID = mService.initAsyncKeyRecovery(
- new BigInteger(seq), x509cert,
+ new BigInteger(seq), x509cert,
(String) sContext.get(SessionContext.USER_ID));
header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
header.addStringValue("requestID", reqID);
} catch (EBaseException e) {
String error =
- "Failed to recover key for key id " +
- seq + ".\nException: " + e.toString();
+ "Failed to recover key for key id " +
+ seq + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(seq, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -317,11 +316,11 @@ public class RecoverBySerial extends CMSServlet {
* provided by the administrator.
*/
private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String localAgents,
- String password, String passwordAgain,
- String cert, String delivery, String nickname,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String seq, String localAgents,
+ String password, String passwordAgain,
+ String cert, String delivery, String nickname,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
if (seq == null) {
header.addStringValue(OUT_ERROR, "sequence number not found");
return null;
@@ -360,65 +359,65 @@ public class RecoverBySerial extends CMSServlet {
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- if (localAgents == null) {
- String recoveryID = req.getParameter("recoveryID");
+ if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+ if (localAgents == null) {
+ String recoveryID = req.getParameter("recoveryID");
- if (recoveryID == null || recoveryID.equals("")) {
- header.addStringValue(OUT_ERROR, "No recovery ID specified");
- return null;
- }
- Hashtable params = mService.createRecoveryParams(recoveryID);
+ if (recoveryID == null || recoveryID.equals("")) {
+ header.addStringValue(OUT_ERROR, "No recovery ID specified");
+ return null;
+ }
+ Hashtable params = mService.createRecoveryParams(recoveryID);
- params.put("keyID", req.getParameter(IN_SERIALNO));
+ params.put("keyID", req.getParameter(IN_SERIALNO));
- header.addStringValue("recoveryID", recoveryID);
+ header.addStringValue("recoveryID", recoveryID);
- params.put("agent", agent);
+ params.put("agent", agent);
- // new thread to wait for pk12
- Thread waitThread = new WaitApprovalThread(recoveryID,
- seq, password, x509cert, delivery, nickname,
- SessionContext.getContext());
+ // new thread to wait for pk12
+ Thread waitThread = new WaitApprovalThread(recoveryID,
+ seq, password, x509cert, delivery, nickname,
+ SessionContext.getContext());
- waitThread.start();
- return null;
- } else {
- Vector v = new Vector();
-
- for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
- String uid = req.getParameter(IN_UID + i);
- String pwd = req.getParameter(IN_PWD + i);
-
- if (uid != null && pwd != null && !uid.equals("") &&
- !pwd.equals("")) {
- v.addElement(new Credential(uid, pwd));
- } else {
+ waitThread.start();
+ return null;
+ } else {
+ Vector v = new Vector();
+
+ for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+ String uid = req.getParameter(IN_UID + i);
+ String pwd = req.getParameter(IN_PWD + i);
+
+ if (uid != null && pwd != null && !uid.equals("") &&
+ !pwd.equals("")) {
+ v.addElement(new Credential(uid, pwd));
+ } else {
+ header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+ return null;
+ }
+ }
+ if (v.size() != mService.getNoOfRequiredAgents()) {
header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
return null;
}
+ creds = new Credential[v.size()];
+ v.copyInto(creds);
}
- if (v.size() != mService.getNoOfRequiredAgents()) {
- header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
- return null;
- }
- creds = new Credential[v.size()];
- v.copyInto(creds);
- }
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addIntegerValue(OUT_SERIALNO,
- Integer.parseInt(seq));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- byte pkcs12[] = mService.doKeyRecovery(
- new BigInteger(seq),
- creds, password, x509cert,
- delivery, nickname, agent);
-
- return pkcs12;
- } else {
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
+ header.addIntegerValue(OUT_SERIALNO,
+ Integer.parseInt(seq));
+ header.addStringValue(OUT_SERVICE_URL,
+ req.getRequestURI());
+ byte pkcs12[] = mService.doKeyRecovery(
+ new BigInteger(seq),
+ creds, password, x509cert,
+ delivery, nickname, agent);
+
+ return pkcs12;
+ } else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID == null || recoveryID.equals("")) {
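Review bot: In the key-splitting branch the key id is parsed twice with different ranges: `Integer.parseInt(seq)` for `OUT_SERIALNO` and `new BigInteger(seq)` for `doKeyRecovery`. An id above Integer.MAX_VALUE therefore throws NumberFormatException at the header line before recovery is attempted, and appears to fall to the generic `catch (Exception e)` shown in the next hunk. The async path earlier in this file already stores the serial as a string, so `header.addStringValue(OUT_SERIALNO, new BigInteger(seq).toString());` would be consistent with it and remove the int limit. The method begins and ends outside this hunk.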
@@ -440,7 +439,7 @@ public class RecoverBySerial extends CMSServlet {
waitThread.start();
return null;
- }
+ }
} catch (EBaseException e) {
header.addStringValue(OUT_ERROR, e.toString(locale));
} catch (Exception e) {
@@ -462,24 +461,24 @@ public class RecoverBySerial extends CMSServlet {
String theNickname = null;
SessionContext theSc = null;
- /**
+ /**
* Wait approval thread constructor including thread name
*/
public WaitApprovalThread(String recoveryID, String seq,
- String password, X509CertImpl cert,
- String delivery, String nickname, SessionContext sc) {
+ String password, X509CertImpl cert,
+ String delivery, String nickname, SessionContext sc) {
super();
- super.setName("waitApproval." + recoveryID + "-" +
- (Thread.activeCount() + 1));
+ super.setName("waitApproval." + recoveryID + "-" +
+ (Thread.activeCount() + 1));
theRecoveryID = recoveryID;
theSeq = seq;
thePassword = password;
theCert = cert;
theDelivery = delivery;
theNickname = nickname;
- theSc = sc;
+ theSc = sc;
}
-
+
public void run() {
SessionContext.setContext(theSc);
Credential creds[] = null;
@@ -487,17 +486,17 @@ public class RecoverBySerial extends CMSServlet {
try {
creds = mService.getDistributedCredentials(theRecoveryID);
} catch (EBaseException e) {
- String error =
- "Failed to get required approvals for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ String error =
+ "Failed to get required approvals for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
return;
}
@@ -514,16 +513,16 @@ public class RecoverBySerial extends CMSServlet {
((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
} catch (EBaseException e) {
String error =
- "Failed to recover key for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ "Failed to recover key for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -531,4 +530,3 @@ public class RecoverBySerial extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
index c0fdd02e..b6693ee6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchKey extends CMSServlet {
@@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -93,20 +92,20 @@ public class SrchKey extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKey.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- /* maxReturns doesn't seem to do anything useful in this
+ /* maxReturns doesn't seem to do anything useful in this
servlet!!! */
try {
String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -132,20 +131,20 @@ public class SrchKey extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
- * <li>http.param queryFilter ldap-style filter to search with
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param queryFilter ldap-style filter to search with
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,10 +161,10 @@ public class SrchKey extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -180,9 +179,9 @@ public class SrchKey extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// process query if authentication is successful
@@ -213,11 +212,11 @@ public class SrchKey extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, ctx, maxCount, maxResults,
- timeLimit, sentinel,
- req.getParameter(IN_FILTER), req, resp, locale[0]);
+ timeLimit, sentinel,
+ req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
@@ -227,9 +226,9 @@ public class SrchKey extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -238,53 +237,53 @@ public class SrchKey extends CMSServlet {
* Process the key search.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale) {
+ IArgBlock header, IArgBlock ctx,
+ int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ mAuthName.toString());
// STRANGE: IE does not like the following:
// header.addStringValue(OUT_SERVICE_URL,
// req.getRequestURI());
// XXX
header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
+ "/kra?");
header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
+ TPL_FILE);
header.addStringValue(OUT_FILTER,
- filter);
+ filter);
if (timeLimit == -1 || timeLimit > mTimeLimits) {
CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... timelimit=" + timeLimit);
- Enumeration e = mKeyDB.searchKeys(filter,
+ Enumeration e = mKeyDB.searchKeys(filter,
maxResults, timeLimit);
int count = 0;
if (e == null) {
- header.addStringValue(OUT_SENTINEL,
- null);
+ header.addStringValue(OUT_SENTINEL,
+ null);
} else {
while (e.hasMoreElements()) {
IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
// a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
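Review bot: `maxResults` is passed to `mKeyDB.searchKeys(filter, maxResults, timeLimit)` without a server-side cap, unlike `timeLimit`, which is clamped to `mTimeLimits` just above; the init() comment in this file also says maxReturns does nothing useful in this servlet. Unless the caller bounds it outside the visible lines, a request can ask the directory for an arbitrarily large result set, so I would add `if (maxResults <= 0 || maxResults > mMaxReturns) maxResults = mMaxReturns;` before the search, after confirming what a non-positive value means to `searchKeys`. The `filter` string comes straight from the `IN_FILTER` request parameter and is both echoed into `OUT_FILTER` and used as the search filter, so it is worth a comment that the "list" authorization check is the only gate on which key records it can match. The method continues past the end of the hunk.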
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
index 56a1817e..828ef0e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching given public key material
- *
- *
+ *
+ *
* @version $Revision$, $Date$
*/
public class SrchKeyForRecovery extends CMSServlet {
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKeyForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet {
try {
String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
* <li>http.param publicKeyData public key data to search on
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
-
+
// process query if authentication is successful
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
@@ -213,10 +212,10 @@ public class SrchKeyForRecovery extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
- req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
+ req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
}
@@ -230,12 +229,12 @@ public class SrchKeyForRecovery extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
@@ -243,9 +242,9 @@ public class SrchKeyForRecovery extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -253,31 +252,31 @@ public class SrchKeyForRecovery extends CMSServlet {
* Process the key search.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
- String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale)
- throws EBaseException {
+ IArgBlock header, IArgBlock ctx,
+ int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
+ String filter,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ mAuthName.toString());
// STRANGE: IE does not like the following:
// header.addStringValue(OUT_SERVICE_URL,
// req.getRequestURI());
// XXX
header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
+ "/kra?");
header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
+ TPL_FILE);
header.addStringValue(OUT_FILTER,
- filter);
+ filter);
if (publicKeyData != null) {
header.addStringValue("publicKeyData",
- publicKeyData);
+ publicKeyData);
}
if (timeLimit == -1 || timeLimit > mTimeLimits) {
@@ -290,21 +289,21 @@ public class SrchKeyForRecovery extends CMSServlet {
if (e == null) {
header.addStringValue(OUT_SENTINEL,
- null);
+ null);
} else {
while (e.hasMoreElements()) {
IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
// a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index c365d0f8..93936ca1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
@@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Configure the CA to respond to OCSP requests for a CA
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCAServlet extends CMSServlet {
-
+
/**
*
*/
private static final long serialVersionUID = 1065151608542115340L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet {
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
public AddCAServlet() {
super();
@@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -100,19 +98,15 @@ public class AddCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert ca certificate. The format is base-64, DER
- * encoded, wrapped with -----BEGIN CERTIFICATE-----,
- * -----END CERTIFICATE----- strings
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
- * a CA is attempted to be added to the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
- * used when an add CA request to the OCSP Responder is processed
+ * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP Responder is processed
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -143,9 +137,9 @@ public class AddCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -153,10 +147,10 @@ public class AddCAServlet extends CMSServlet {
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
@@ -164,12 +158,12 @@ public class AddCAServlet extends CMSServlet {
if (b64 == null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
}
@@ -177,32 +171,32 @@ public class AddCAServlet extends CMSServlet {
auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
// record the fact that a request to add CA is made
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCA);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCA);
- audit( auditMessage );
+ audit(auditMessage);
if (b64.indexOf(BEGIN_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
}
@@ -215,17 +209,17 @@ public class AddCAServlet extends CMSServlet {
try {
X509Certificate cert = Cert.mapCert(b64);
- if( cert == null ) {
- CMS.debug( "AddCAServlet::process() - cert is null!" );
+ if (cert == null) {
+ CMS.debug("AddCAServlet::process() - cert is null!");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EBaseException( "cert is null" );
+ throw new EBaseException("cert is null");
} else {
certs = new X509Certificate[1];
}
@@ -247,15 +241,15 @@ public class AddCAServlet extends CMSServlet {
auditCASubjectDN = leafCert.getSubjectDN().getName();
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
}
if (certs != null && certs.length > 0) {
@@ -264,32 +258,32 @@ public class AddCAServlet extends CMSServlet {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
MINUS_ONE, null, null);
try {
rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
// error
}
defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
}
try {
@@ -297,18 +291,18 @@ public class AddCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 029d396b..8a3ea60b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Update the OCSP responder with a new CRL
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCRLServlet extends CMSServlet {
@@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet {
*/
private static final long serialVersionUID = 1476080474638590902L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+ "-----BEGIN CERTIFICATE REVOCATION LIST-----";
public static final String END_HEADER =
- "-----END CERTIFICATE REVOCATION LIST-----";
+ "-----END CERTIFICATE REVOCATION LIST-----";
private final static String TPL_FILE = "addCRL.template";
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
- "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
+ "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
- "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
+ "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
public AddCRLServlet() {
super();
@@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCRL.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -105,31 +103,28 @@ public class AddCRLServlet extends CMSServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
- * <li>http.param crl certificate revocation list, base-64, DER encoded
- * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----,
- * -----END CERTIFICATE REVOCATION LIST----- strings
+ * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
* <li>http.param noui if true, use minimal hardcoded text response
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are
- * retrieved by the OCSP Responder ("agent" or "EE")
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is
- * retrieved and validation process occurs ("agent" or "EE")
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent" or "EE")
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs ("agent" or "EE")
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
protected synchronized void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
boolean CRLFetched = false;
boolean CRLValidated = false;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("add_crl", true /* main action */);
+ statsSub.startTiming("add_crl", true /* main action */);
}
try {
@@ -152,42 +147,43 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
return;
}
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
if (authToken != null) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
- }
+ }
}
log(ILogger.LL_INFO, "AddCRLServlet");
String b64 = cmsReq.getHttpReq().getParameter("crl");
- if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);
+ if (CMS.debugOn())
+ CMS.debug("AddCRLServlet: b64=" + b64);
if (b64 == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CRL"));
+ CMS.getUserMessage("CMS_GW_MISSING_CRL"));
}
String nouiParm = cmsReq.getHttpReq().getParameter("noui");
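Review bot: `CMS.debug("AddCRLServlet: b64=" + b64);` writes the complete request parameter to the debug log before it is null-checked or validated, so the size and content of that log entry are controlled by the caller. Logging only the size would keep the trace useful, e.g. `CMS.debug("AddCRLServlet: b64 length=" + (b64 == null ? 0 : b64.length()));`. In the same hunk the message `"AddCAServlet: auditSubjectID set to " + uid` names the wrong servlet, which makes log correlation harder; it should read `"AddCRLServlet: auditSubjectID set to " + uid`. process() starts and ends outside this hunk.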
@@ -209,20 +205,20 @@ public class AddCRLServlet extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
e.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -231,32 +227,32 @@ public class AddCRLServlet extends CMSServlet {
if (b64.indexOf(BEGIN_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
"CMS_GW_MISSING_CRL_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
"CMS_GW_MISSING_CRL_FOOTER"));
@@ -270,30 +266,30 @@ public class AddCRLServlet extends CMSServlet {
long startTime = CMS.getCurrentDate().getTime();
CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
if (statsSub != null) {
- statsSub.startTiming("decode_crl");
+ statsSub.startTiming("decode_crl");
}
- crl = mapCRL1( b64 );
+ crl = mapCRL1(b64);
if (statsSub != null) {
- statsSub.endTiming("decode_crl");
+ statsSub.endTiming("decode_crl");
}
long endTime = CMS.getCurrentDate().getTime();
- CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
- " diff=" + (endTime - startTime));
+ CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
+ " diff=" + (endTime - startTime));
// Retrieve the actual CRL number
BigInteger crlNum = crl.getCRLNumber();
- if( crlNum != null ) {
+ if (crlNum != null) {
auditCRLNum = crlNum.toString();
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
// acknowledge that the CRL has been retrieved
CRLFetched = true;
@@ -302,18 +298,18 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
- log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
- crl.getIssuerDN().getName());
+ log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
+ crl.getIssuerDN().getName());
ICRLIssuingPointRecord pt = null;
@@ -322,94 +318,94 @@ public class AddCRLServlet extends CMSServlet {
crl.getIssuerDN().getName());
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+ crl.getIssuerDN().getName()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
- pt.getThisUpdate());
+ pt.getThisUpdate());
// verify CRL
byte caCertData[] = pt.getCACert();
if (caCertData != null) {
- try {
- X509CertImpl caCert = new X509CertImpl(caCertData);
- CMS.debug("AddCRLServlet: start verify");
-
- CryptoManager cmanager = CryptoManager.getInstance();
- org.mozilla.jss.crypto.X509Certificate jssCert = null;
try {
- jssCert = cmanager.importCACertPackage(
- caCert.getEncoded());
- } catch (Exception e2) {
- CMS.debug("AddCRLServlet: importCACertPackage " +
- e2.toString());
- throw new EBaseException( e2.toString() );
- }
+ X509CertImpl caCert = new X509CertImpl(caCertData);
+ CMS.debug("AddCRLServlet: start verify");
- if (statsSub != null) {
- statsSub.startTiming("verify_crl");
- }
- crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
- if (statsSub != null) {
- statsSub.endTiming("verify_crl");
- }
- CMS.debug("AddCRLServlet: done verify");
+ CryptoManager cmanager = CryptoManager.getInstance();
+ org.mozilla.jss.crypto.X509Certificate jssCert = null;
+ try {
+ jssCert = cmanager.importCACertPackage(
+ caCert.getEncoded());
+ } catch (Exception e2) {
+ CMS.debug("AddCRLServlet: importCACertPackage " +
+ e2.toString());
+ throw new EBaseException(e2.toString());
+ }
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.SUCCESS );
+ if (statsSub != null) {
+ statsSub.startTiming("verify_crl");
+ }
+ crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
+ if (statsSub != null) {
+ statsSub.endTiming("verify_crl");
+ }
+ CMS.debug("AddCRLServlet: done verify");
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.SUCCESS);
- // acknowledge that the CRL has been validated
- CRLValidated = true;
- } catch (Exception e) {
- CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
- CMS.debug(e);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ audit(auditMessage);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ // acknowledge that the CRL has been validated
+ CRLValidated = true;
+ } catch (Exception e) {
+ CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+ crl.getIssuerDN().getName()));
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
- }
+ audit(auditMessage);
+
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ }
}
- if ((pt.getThisUpdate() != null) &&
- (pt.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime())) {
+ if ((pt.getThisUpdate() != null) &&
+ (pt.getThisUpdate().getTime() >=
+ crl.getThisUpdate().getTime())) {
// error, the uploaded CRL is older than the current
CMS.debug("AddCRLServlet: no update, CRL is older");
log(ILogger.LL_INFO,
- "AddCRLServlet: no update, received CRL is older " +
- "than current CRL");
+ "AddCRLServlet: no update, received CRL is older " +
+ "than current CRL");
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Sent CRL is older than the current CRL\n".getBytes());
+ "error=Sent CRL is older than the current CRL\n".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
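Review bot: Signature verification is skipped entirely when `pt.getCACert()` returns null, because `if (caCertData != null)` has no else branch and execution continues to the age check and, in the later hunks, to `defStore.updateCRL(crl)`. `CRLValidated` stays false on that path, but in the lines visible here it is only read inside the `catch (EBaseException eAudit1)` handler, so an unverified CRL appears to be accepted without any validation audit event. Unless an issuing point without a CA certificate is meant to accept unsigned updates, I would fail closed: `} else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); }`, which, assuming ECMSGWException is an EBaseException, also gets the validation FAILURE audited by that handler. The verify catch also logs `CMSGW_NO_CRL_ISSUING_POINT_FOUND` for what is a signature failure, which will mislead whoever reads the log.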
@@ -430,20 +426,20 @@ public class AddCRLServlet extends CMSServlet {
// already been logged at this point!
throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_OLD_CRL_ERROR"));
+ "CMS_GW_OLD_CRL_ERROR"));
}
}
if (crl.isDeltaCRL()) {
CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
- log(ILogger.LL_INFO, "AddCRLServlet: no update, "+
- CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+ log(ILogger.LL_INFO, "AddCRLServlet: no update, " +
+ CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Delta CRLs are not supported.\n".getBytes());
+ "error=Delta CRLs are not supported.\n".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -465,26 +461,26 @@ public class AddCRLServlet extends CMSServlet {
IRepositoryRecord repRec = defStore.createRepositoryRecord();
- repRec.set(IRepositoryRecord.ATTR_SERIALNO,
- new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
+ repRec.set(IRepositoryRecord.ATTR_SERIALNO,
+ new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
try {
defStore.addRepository(
- crl.getIssuerDN().getName(),
- Long.toString(crl.getThisUpdate().getTime()),
- repRec);
+ crl.getIssuerDN().getName(),
+ Long.toString(crl.getThisUpdate().getTime()),
+ repRec);
log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
- Long.toString(crl.getThisUpdate().getTime()));
+ Long.toString(crl.getThisUpdate().getTime()));
} catch (Exception e) {
- CMS.debug("AddCRLServlet: add repository e=" + e.toString());
+ CMS.debug("AddCRLServlet: add repository e=" + e.toString());
}
- log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
- Long.toString(crl.getThisUpdate().getTime()));
+ log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
+ Long.toString(crl.getThisUpdate().getTime()));
if (defStore.waitOnCRLUpdate()) {
defStore.updateCRL(crl);
} else {
- // when the CRL large, the thread is terminiated by the
- // servlet framework before it can finish its work
+ // when the CRL large, the thread is terminiated by the
+ // servlet framework before it can finish its work
UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
uct.start();
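Review bot: A failure of `defStore.addRepository(...)` is reported only through `CMS.debug`, and the following `log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + ...)` is emitted whether or not the repository was created. I would log the failure at `ILogger.LL_FAILURE` in the catch, e.g. `log(ILogger.LL_FAILURE, "AddCRLServlet: add repository failed: " + e.toString());`, and move the "Created CRL Repository" line inside the try after the `addRepository` call. The enclosing try block and process() extend outside this hunk.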
@@ -496,25 +492,25 @@ public class AddCRLServlet extends CMSServlet {
if (noUI) {
CMS.debug("AddCRLServlet: return result noUI=true");
resp.setContentType("application/text");
- resp.getOutputStream().write("status=0".getBytes());
+ resp.getOutputStream().write("status=0".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
} else {
CMS.debug("AddCRLServlet: return result noUI=false");
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
CMS.debug("AddCRLServlet: return result error=" + e.toString());
mOCSPAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
// NOTE: The signed audit events
// LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
@@ -522,38 +518,38 @@ public class AddCRLServlet extends CMSServlet {
// already been logged at this point!
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- } catch( EBaseException eAudit1 ) {
- if( !CRLFetched ) {
+ } catch (EBaseException eAudit1) {
+ if (!CRLFetched) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
} else {
- if( !CRLValidated ) {
+ if (!CRLValidated) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
throw eAudit1;
}
if (statsSub != null) {
- statsSub.endTiming("add_crl");
+ statsSub.endTiming("add_crl");
}
}
public X509CRLImpl mapCRL1(String mime64)
- throws IOException {
+ throws IOException {
mime64 = Cert.stripCRLBrackets(mime64.trim());
byte rawPub[] = CMS.AtoB(mime64);
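Review bot: `statsSub.endTiming("add_crl")` sits after the try/catch, so it is never reached when the handler rethrows with `throw eAudit1;` or when the early `return;` in the earlier hunk is taken, leaving the timing started by `startTiming("add_crl", true)` open. Moving it into a finally clause covers every exit: `} finally { if (statsSub != null) { statsSub.endTiming("add_crl"); } }`. Separately, the handler audits a retrieval or validation FAILURE for exceptions whose throw sites already audited one, so, if ECMSGWException is an EBaseException, those failures would appear twice in the signed audit log. The body of mapCRL1 continues outside this hunk.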
@@ -568,21 +564,20 @@ public class AddCRLServlet extends CMSServlet {
}
}
-
class UpdateCRLThread extends Thread {
private IDefStore mDefStore = null;
private X509CRL mCRL = null;
public UpdateCRLThread(
- IDefStore defStore, X509CRL crl) {
+ IDefStore defStore, X509CRL crl) {
mDefStore = defStore;
mCRL = crl;
}
public void run() {
try {
- if (!((X509CRLImpl)mCRL).areEntriesIncluded())
- mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded());
+ if (!((X509CRLImpl) mCRL).areEntriesIncluded())
+ mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
mDefStore.updateCRL(mCRL);
} catch (CRLException e) {
} catch (X509ExtensionException e) {
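Review bot: `catch (CRLException e) {` in `UpdateCRLThread.run()` is empty, so a failed background update leaves no trace. This thread is started when `defStore.waitOnCRLUpdate()` is false, after which the servlet already reports `status=0` to the caller, so the responder can keep answering from the previous CRL with nobody informed. At minimum the handler should record the failure, e.g. `CMS.debug("UpdateCRLThread: updateCRL failed: " + e.toString());`, and the unbraced `if` above it would be safer with braces. The body of the `X509ExtensionException` handler and the end of run() are outside this hunk.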
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index 3e5d1f49..4c734cee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
- * Check the status of a specific certificate
- *
+ * Check the status of a specific certificate
+ *
* @version $Revision$ $Date$
*/
public class CheckCertServlet extends CMSServlet {
@@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet {
*/
private static final long serialVersionUID = 7782198059640825050L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
public static final String ATTR_STATUS = "status";
public static final String ATTR_ISSUERDN = "issuerDN";
@@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "checkCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,14 +100,13 @@ public class CheckCertServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert certificate to check. Base64, DER encoded, wrapped
- * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+ * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -136,9 +133,9 @@ public class CheckCertServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -177,9 +174,9 @@ public class CheckCertServlet extends CMSServlet {
header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
try {
- X509CRLImpl crl = null;
+ X509CRLImpl crl = null;
- crl = new X509CRLImpl(pt.getCRL());
+ crl = new X509CRLImpl(pt.getCRL());
X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
if (crlentry == null) {
@@ -201,18 +198,18 @@ public class CheckCertServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
index 704c759c..1aaf1d6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,11 +40,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve information about the number of OCSP requests the OCSP
+ * Retrieve information about the number of OCSP requests the OCSP
* has serviced
- *
+ *
* @version $Revision$, $Date$
*/
public class GetOCSPInfo extends CMSServlet {
@@ -63,7 +61,7 @@ public class GetOCSPInfo extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
* file "getOCSPInfo.template" to render the result page.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetOCSPInfo extends CMSServlet {
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -98,10 +95,10 @@ public class GetOCSPInfo extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -115,7 +112,7 @@ public class GetOCSPInfo extends CMSServlet {
if (!(mAuthority instanceof IOCSPService)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,10 +123,10 @@ public class GetOCSPInfo extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -147,8 +144,8 @@ public class GetOCSPInfo extends CMSServlet {
header.addLongValue("totalData", ca.getOCSPTotalData());
long secs = 0;
if (ca.getOCSPRequestTotalTime() != 0) {
- secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
- }
+ secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
+ }
header.addLongValue("ReqSec", secs);
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -157,10 +154,10 @@ public class GetOCSPInfo extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
index 063d8513..6b9d2094 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show the list of CA's that the OCSP responder can service
- *
+ *
* @version $Revision$ $Date$
*/
public class ListCAServlet extends CMSServlet {
@@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet {
*/
private static final long serialVersionUID = 3764395161795483452L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
private final static String TPL_FILE = "listCAs.template";
private String mFormPath = null;
@@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "listCAs.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet {
Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100);
// show the current CRL number if present
- header.addStringValue("stateCount",
- Integer.toString(defStore.getStateCount()));
+ header.addStringValue("stateCount",
+ Integer.toString(defStore.getStateCount()));
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec =
- (ICRLIssuingPointRecord) recs.nextElement();
+ ICRLIssuingPointRecord rec =
+ (ICRLIssuingPointRecord) recs.nextElement();
IArgBlock rarg = CMS.createArgBlock();
String thisId = rec.getId();
@@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet {
rarg.addLongValue("NumRevoked", 0);
} else {
if (rc.longValue() == -1) {
- rarg.addStringValue("NumRevoked", "UNKNOWN");
- } else {
- rarg.addLongValue("NumRevoked", rc.longValue());
+ rarg.addStringValue("NumRevoked", "UNKNOWN");
+ } else {
+ rarg.addLongValue("NumRevoked", rc.longValue());
}
}
BigInteger crlNumber = rec.getCRLNumber();
if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
- rarg.addStringValue("CRLNumber", "UNKNOWN");
+ rarg.addStringValue("CRLNumber", "UNKNOWN");
} else {
- rarg.addStringValue("CRLNumber", crlNumber.toString());
+ rarg.addStringValue("CRLNumber", crlNumber.toString());
}
rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
@@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index cfc91975..24c16384 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData;
import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
-
/**
* Process OCSP messages, According to RFC 2560
* See http://www.ietf.org/rfc/rfc2560.txt
- *
+ *
* @version $Revision$ $Date$
*/
public class OCSPServlet extends CMSServlet {
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet {
public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
public final static String PROP_ID = "ID";
- private int m_maxRequestSize=5000;
+ private int m_maxRequestSize = 5000;
public OCSPServlet() {
super();
@@ -74,35 +72,36 @@ public class OCSPServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
if (s != null) {
- try {
- m_maxRequestSize = Integer.parseInt(s);
- } catch (Exception e) {}
- }
+ try {
+ m_maxRequestSize = Integer.parseInt(s);
+ } catch (Exception e) {
+ }
+ }
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* This method is invoked when the OCSP service receives a OCSP
* request. Based on RFC 2560, the request should have the OCSP
* request in the HTTP body as binary blob.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("ocsp", true /* main action */);
+ statsSub.startTiming("ocsp", true /* main action */);
}
IAuthToken authToken = authenticate(cmsReq);
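Review bot: In init(), the reformatted `catch (Exception e) { }` still silently discards a malformed `MaxRequestSize` value, and a value that parses to zero or a negative number is accepted as-is. `m_maxRequestSize` is the bound applied to the POST body before the request buffer is allocated in process(), and a non-positive value would make every POST fail that size check with no hint of the cause. Suggest narrowing the handler and making it visible, `} catch (NumberFormatException e) { CMS.debug("OCSPServlet: invalid " + PROP_MAX_REQUEST_SIZE + " '" + s + "', keeping " + m_maxRequestSize); }`, and assigning the parsed value only when it is greater than zero.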
@@ -119,12 +118,12 @@ public class OCSPServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
CMS.debug("Servlet Path=" + httpReq.getServletPath());
CMS.debug("RequestURI=" + httpReq.getRequestURI());
- String pathInfo = httpReq.getPathInfo();
+ String pathInfo = httpReq.getPathInfo();
if (pathInfo != null && pathInfo.indexOf('%') != -1) {
- pathInfo = URLDecoder.decode(pathInfo);
+ pathInfo = URLDecoder.decode(pathInfo);
}
CMS.debug("PathInfo=" + pathInfo);
@@ -136,46 +135,46 @@ public class OCSPServlet extends CMSServlet {
String method = httpReq.getMethod();
CMS.debug("Method=" + method);
if (method != null && method.equals("POST")) {
- int reqlen = httpReq.getContentLength();
-
- if (reqlen == -1) {
- throw new Exception("OCSPServlet: Content-Length not supplied");
- }
- if (reqlen == 0) {
- throw new Exception("OCSPServlet: Invalid Content-Length");
- }
- if (reqlen > m_maxRequestSize) {
- throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")");
- }
-
- // for debugging
- reqbuf = new byte[reqlen];
- int bytesread = 0;
- boolean partial = false;
-
- while (bytesread < reqlen) {
- int r = is.read(reqbuf, bytesread, reqlen - bytesread);
- if (r == -1) {
- throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+ int reqlen = httpReq.getContentLength();
+
+ if (reqlen == -1) {
+ throw new Exception("OCSPServlet: Content-Length not supplied");
+ }
+ if (reqlen == 0) {
+ throw new Exception("OCSPServlet: Invalid Content-Length");
+ }
+ if (reqlen > m_maxRequestSize) {
+ throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")");
}
- bytesread += r;
- if (partial == false) {
- if (bytesread < reqlen) {
- partial = true;
+
+ // for debugging
+ reqbuf = new byte[reqlen];
+ int bytesread = 0;
+ boolean partial = false;
+
+ while (bytesread < reqlen) {
+ int r = is.read(reqbuf, bytesread, reqlen - bytesread);
+ if (r == -1) {
+ throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+ }
+ bytesread += r;
+ if (partial == false) {
+ if (bytesread < reqlen) {
+ partial = true;
+ }
}
}
- }
- is = new ByteArrayInputStream(reqbuf);
+ is = new ByteArrayInputStream(reqbuf);
} else {
- // GET method
- if ( (pathInfo == null) ||
- (pathInfo.equals( "" ) ) ||
- (pathInfo.substring(1) == null) ||
- (pathInfo.substring(1).equals( "" ) ) ) {
- throw new Exception("OCSPServlet: OCSP request not provided in GET method");
- }
- is = new ByteArrayInputStream(
- com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
+ // GET method
+ if ((pathInfo == null) ||
+ (pathInfo.equals("")) ||
+ (pathInfo.substring(1) == null) ||
+ (pathInfo.substring(1).equals(""))) {
+ throw new Exception("OCSPServlet: OCSP request not provided in GET method");
+ }
+ is = new ByteArrayInputStream(
+ com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
}
// (1) retrieve OCSP request
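Review bot: The GET branch decodes `pathInfo.substring(1)` and hands it to the parser without the `m_maxRequestSize` check that the POST branch applies to `reqlen`, so the configured request-size limit covers only one of the two entry points; any container URL-length limit is not visible here. Decode first and test the length, e.g. `byte[] getReq = com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1));` followed by `if (getReq.length > m_maxRequestSize) throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + getReq.length + ")");`. The `pathInfo.substring(1) == null` test can never be true, and the `partial` flag in the POST loop is written but not read in the visible lines. process() starts and ends outside this hunk.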
@@ -183,22 +182,23 @@ public class OCSPServlet extends CMSServlet {
OCSPResponse response = null;
try {
- OCSPRequest.Template reqTemplate =
- new OCSPRequest.Template();
+ OCSPRequest.Template reqTemplate =
+ new OCSPRequest.Template();
- if ( (is == null) ||
- (is.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: OCSP request is "
+ if ((is == null) ||
+ (is.toString().equals(""))) {
+ throw new Exception("OCSPServlet: OCSP request is "
+ "empty or malformed");
}
ocspReq = (OCSPRequest) reqTemplate.decode(is);
- if ( (ocspReq == null) ||
- (ocspReq.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: Decoded OCSP request "
+ if ((ocspReq == null) ||
+ (ocspReq.toString().equals(""))) {
+ throw new Exception("OCSPServlet: Decoded OCSP request "
+ "is empty or malformed");
}
response = ((IOCSPService) mAuthority).validate(ocspReq);
- } catch (Exception e) {;
+ } catch (Exception e) {
+ ;
CMS.debug("OCSPServlet: " + e.toString());
}
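Review bot: The reformatted `catch (Exception e) {` keeps the stray empty statement `;`, now on its own line, and still reports decode and validation failures only through `CMS.debug`, so a malformed or rejected OCSP request leaves `response` null with no failure-level log entry. Drop the `;` and log the failure at the level the sibling servlets use (`log(ILogger.LL_FAILURE, ...)`, assuming `ILogger` is imported in this file). The guard `is.toString().equals("")` is dead code, since an `InputStream` does not override `toString()` and the default is never empty; an empty body is only detected when `reqTemplate.decode(is)` fails. How a null `response` is handled lies outside this hunk.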
@@ -219,8 +219,8 @@ public class OCSPServlet extends CMSServlet {
CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
TBSRequest tbsReq = ocspReq.getTBSRequest();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
- CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
+ CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
}
CMS.debug("OCSPServlet: OCSP Response Size:");
CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
@@ -232,17 +232,17 @@ public class OCSPServlet extends CMSServlet {
} else if (rbytes.getObjectIdentifier().equals(
ResponseBytes.OCSP_BASIC)) {
BasicOCSPResponse basicRes = (BasicOCSPResponse)
- BasicOCSPResponse.getTemplate().decode(
- new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
+ BasicOCSPResponse.getTemplate().decode(
+ new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
if (basicRes == null) {
CMS.debug("Basic Res is null");
} else {
ResponseData data = basicRes.getResponseData();
for (int i = 0; i < data.getResponseCount(); i++) {
SingleResponse res = data.getResponseAt(i);
- CMS.debug("Serial Number: " +
- res.getCertID().getSerialNumber() +
- " Status: " +
+ CMS.debug("Serial Number: " +
+ res.getCertID().getSerialNumber() +
+ " Status: " +
res.getCertStatus().getClass().getName());
}
}
@@ -250,14 +250,14 @@ public class OCSPServlet extends CMSServlet {
}
httpResp.setContentType("application/ocsp-response");
-
+
httpResp.setContentLength(respbytes.length);
OutputStream ooss = httpResp.getOutputStream();
ooss.write(respbytes);
ooss.flush();
if (statsSub != null) {
- statsSub.endTiming("ocsp");
+ statsSub.endTiming("ocsp");
}
mRenderResult = false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index 3ec72bb8..d747bd4b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Configure the CA to no longer respond to OCSP requests for a CA
- *
+ *
* @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
*/
public class RemoveCAServlet extends CMSServlet {
@@ -58,12 +56,12 @@ public class RemoveCAServlet extends CMSServlet {
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
public RemoveCAServlet() {
super();
@@ -72,7 +70,7 @@ public class RemoveCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,18 +88,15 @@ public class RemoveCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param ca id. The format is string.
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when
- * a CA is attempted to be removed from the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS
- * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when
- * a remove CA request to the OCSP Responder is processed successfully or not.
+ * <li>http.param ca id. The format is string.
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP Responder is processed successfully or not.
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -132,9 +127,9 @@ public class RemoveCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -142,79 +137,78 @@ public class RemoveCAServlet extends CMSServlet {
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
- String caID = cmsReq.getHttpReq().getParameter("caID");
-
+ String caID = cmsReq.getHttpReq().getParameter("caID");
- if (caID == null) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ if (caID == null) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
- }
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
+ }
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
auditSubjectID,
ILogger.SUCCESS,
caID);
- audit( auditMessage );
+ audit(auditMessage);
- IDefStore defStore = mOCSPAuthority.getDefaultStore();
+ IDefStore defStore = mOCSPAuthority.getDefaultStore();
- try {
- defStore.deleteCRLIssuingPointRecord(caID);
+ try {
+ defStore.deleteCRLIssuingPointRecord(caID);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- caID);
- audit( auditMessage );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ caID);
+ audit(auditMessage);
- CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
- throw new EBaseException(e.toString());
+ CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
+ throw new EBaseException(e.toString());
}
CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- caID);
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ caID);
+ audit(auditMessage);
try {
ServletOutputStream out = resp.getOutputStream();
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
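Review bot: In the `caID == null` branch the failure audit message is built but `audit(auditMessage)` is never called before the `ECMSGWException` is thrown, so a remove-CA request without a CA id leaves no signed-audit record, unlike the delete-failure path below it. Add `audit(auditMessage);` immediately before that `throw`. Separately, `throw new EBaseException(e.toString())` in the delete handler discards the original exception as the cause. `caID` is also a raw request parameter concatenated into the `CMS.debug` lines, so stripping CR/LF before logging would be prudent if that log is line-oriented. process() begins outside this hunk.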
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..f2b3f57a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process CMC messages according to RFC 2797
* See http://www.ietf.org/rfc/rfc2797.txt
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
String cmc = protocolString;
@@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor {
try {
byte[] cmcBlob = CMS.AtoB(cmc);
ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ new ByteArrayInputStream(cmcBlob);
org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- if
- (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
+ if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
SignedData cmcFullReq = (SignedData)
- cmcReq.getInterpretedContent();
+ cmcReq.getInterpretedContent();
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
@@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor {
if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
@@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor {
int numReqs = reqSequence.size();
X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
String[] reqIdArray = new String[numReqs];
-
+
for (int i = 0; i < numReqs; i++) {
// decode message.
TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
@@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(p10Id);
CertificationRequest p10 =
- tcr.getCertificationRequest();
+ tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
@@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(srcId);
- certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
+ certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
} else {
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
@@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numDig; i++) {
AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
+ (AlgorithmIdentifier) dais.elementAt(i);
String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
@@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numSis; i++) {
org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)
- sis.elementAt(i);
+ (org.mozilla.jss.pkix.cms.SignerInfo)
+ sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor {
SignerIdentifier sid = si.getSignerIdentifier();
- if
- (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
// find from the certs in the signedData
X509Certificate cert = null;
@@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor {
for (int j = 0; j < numCerts; j++) {
Certificate certJss =
- (Certificate) certs.elementAt(j);
+ (Certificate) certs.elementAt(j);
CertificateInfo certI =
- certJss.getInfo();
+ certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (
- new String(issuerB).equals(new
+ if (new String(issuerB).equals(new
String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
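Review bot: The signer-certificate match compares DER-encoded issuer names with `new String(issuerB).equals(new String(ASN1Util.encode(...)))`, which decodes arbitrary bytes with the platform default charset. Byte sequences that are invalid in that charset are replaced during decoding, so two different encodings can compare equal and the outcome depends on the JVM's locale settings. Compare the bytes directly instead: `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. The enclosing loop and method extend beyond this hunk.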
@@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor {
} else {
}
PK11PubKey pubK =
- PK11PubKey.fromRaw(keyType,
- ((X509Key) signKey).getKey());
+ PK11PubKey.fromRaw(keyType,
+ ((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
}
@@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor {
j++;
}
if (signKey == null) {
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
"SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
PrivateKey.Type keyType = null;
@@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numControls; i++) {
TaggedAttribute control =
- (TaggedAttribute) controls.elementAt(i);
+ (TaggedAttribute) controls.elementAt(i);
OBJECT_IDENTIFIER type = control.getType();
SET values = control.getValues();
int numVals = values.size();
@@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor {
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
ANY val = (ANY)
- values.elementAt(j);
+ values.elementAt(j);
INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
INTEGER.getTemplate());
@@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor {
}
if (vals != null)
req.setExtData(IRequest.CMC_TRANSID, vals);
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
String[] vals = null;
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
ANY val = (ANY)
- values.elementAt(j);
+ values.elementAt(j);
OCTET_STRING nonce = (OCTET_STRING)
- ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+ ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());
@@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor {
return certInfoArray;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
- }catch (Exception e) {
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ } catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
}
}
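Review bot: The final `catch (Exception e)` is the only handler here that does not call `log(ILogger.LL_FAILURE, ...)`, and it places `e.toString()` into the user-facing `CMS_GW_CMC_ERROR` message, so unexpected failures leave no failure log entry while internal exception text goes back to the requester. Suggest adding `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));` before the throw and keeping the detail in the log, not in the response. This handler presumably also catches the `ECMSGWException`s thrown earlier in the try block and re-wraps them under a different message, which may not be intended. The try block starts outside this hunk.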
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..dcfb3eae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process CRMF requests, according to RFC 2511
* See http://www.ietf.org/rfc/rfc2511.txt
- *
+ *
* @version $Revision$, $Date$
*/
public class CRMFProcessor extends PKIProcessor {
@@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor {
private boolean enforcePop = false;
private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
public CRMFProcessor() {
super();
@@ -84,22 +82,22 @@ public class CRMFProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
/**
* Verify Proof of Possession (POP)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
- * of possession is checked during certificate enrollment
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during certificate enrollment
* </ul>
+ *
* @param certReqMsg the certificate request message
* @exception EBaseException an error has occurred
*/
private void verifyPOP(CertReqMsg certReqMsg)
- throws EBaseException {
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -118,59 +116,59 @@ public class CRMFProcessor extends PKIProcessor {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
} catch (Exception e) {
CMS.debug("CRMFProcessor: Failed POP verify!");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
}
}
} else {
if (enforcePop == true) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
}
}
- } catch( EBaseException eAudit1 ) {
+ } catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
- public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("CRMFProcessor::processIndividualRequest!");
try {
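Review bot: The outer `catch (EBaseException eAudit1)` at the end of `verifyPOP` writes a FAILURE audit record and then lets the method return normally. The branches above it throw `ECMSGWException` for a failed POP check and for a missing POP when `enforcePop` is set. If that type derives from `EBaseException` (the `throws EBaseException` signatures suggest so) and the outer `try` encloses those throws, both rejections are absorbed here and the caller continues as though proof of possession had passed, with the failure audited twice. Adding `throw eAudit1;` after `audit(auditMessage);` in that handler would preserve the rejection. The start of `verifyPOP` and the opening of the outer `try` are outside this hunk.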
@@ -205,21 +203,21 @@ public class CRMFProcessor extends PKIProcessor {
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
+ new CertificateSubjectName(subject));
} else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
@@ -243,10 +241,10 @@ public class CRMFProcessor extends PKIProcessor {
for (int j = 0; j < numexts; j++) {
org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
@@ -254,23 +252,23 @@ public class CRMFProcessor extends PKIProcessor {
oidNumbers[k] = (int) numbers[k];
}
ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
+ new ObjectIdentifier(oidNumbers);
org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
+ jssext.getExtnValue();
ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
Extension ext =
- new Extension(oid, isCritical, extValue);
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
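Review bot: `oidNumbers[k] = (int) numbers[k];` narrows each OID arc of a requester-supplied extension from `long` to `int` with no range check, so an arc above `Integer.MAX_VALUE` silently becomes a different number and the extension is recorded under an OID the request never contained. A guard before the cast, for example `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new IOException("extension OID arc out of range");`, would reject such input through the `IOException` handler further down in `processIndividualRequest`. The loop header is outside this hunk.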
@@ -283,7 +281,7 @@ public class CRMFProcessor extends PKIProcessor {
// formulation.
// -- CRMFfillCert
if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +298,31 @@ public class CRMFProcessor extends PKIProcessor {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} /* catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
- throw new ECMSGWException(
- CMSGWResources.ERROR_CRMF_TO_CERTINFO);
- } */ catch (InvalidKeyException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+ throw new ECMSGWException(
+ CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+ } */catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CRMFProcessor.fillCertInfoArray!");
@@ -333,10 +331,10 @@ public class CRMFProcessor extends PKIProcessor {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
+ new ByteArrayInputStream(crmfBlob);
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,7 +342,7 @@ public class CRMFProcessor extends PKIProcessor {
for (int i = 0; i < nummsgs; i++) {
// decode message.
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
+
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
int srcId = certReqId.intValue();
@@ -360,15 +358,14 @@ public class CRMFProcessor extends PKIProcessor {
return certInfoArray;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..9139f888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,17 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This represents the request parser.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IPKIProcessor {
public void process(CMSRequest cmsReq)
- throws EBaseException;
+ throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..cfe9754a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* KeyGenProcess parses Certificate request matching the
* KEYGEN tag format used by Netscape Communicator 4.x
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
@@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
@@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor {
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
+
// fill key
X509Key key = null;
@@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor {
if (key == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- "Could not set key into certInfo from keygen. Error " + e);
+ "Could not set key into certInfo from keygen. Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
@@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
- if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
- !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
+ !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..dad4b64a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -46,12 +45,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* PKCS10Processor process Certificate Requests in
* PKCS10 format, as defined here:
* http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +59,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -71,24 +69,24 @@ public class PKCS10Processor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
- public void fillCertInfo(
- PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(
+ PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
PKCS10 p10 = null;
@@ -99,8 +97,8 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
- throw new EBaseException( "p10 is null" );
+ CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+ throw new EBaseException("p10 is null");
}
if (mServlet == null) {
@@ -123,7 +121,7 @@ public class PKCS10Processor extends PKIProcessor {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -140,31 +138,31 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
+ new CertificateSubjectName(subject));
log(ILogger.LL_INFO,
- "Setting subject name " + subject + " from p10.");
+ "Setting subject name " + subject + " from p10.");
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
} else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
@@ -177,12 +175,12 @@ public class PKCS10Processor extends PKIProcessor {
if (p10Attrs != null) {
PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
if (p10Attr != null && p10Attr.getAttributeId().equals(
PKCS9Attribute.EXTENSION_REQUEST_OID)) {
Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
@@ -196,23 +194,23 @@ public class PKCS10Processor extends PKIProcessor {
}
}
CMS.debug(
- "PKCS10Processor: Seted cert extensions from pkcs10. ");
+ "PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
@@ -223,8 +221,8 @@ public class PKCS10Processor extends PKIProcessor {
String authMgr = mServlet.getAuthMgr();
if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
- !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+ !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,12 +231,12 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
private PKCS10 getPKCS10(IArgBlock httpParams)
- throws EBaseException {
+ throws EBaseException {
PKCS10 pkcs10 = null;
@@ -277,7 +275,7 @@ public class PKCS10Processor extends PKIProcessor {
try {
// coming from server cut & paste blob.
pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
- }catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
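Review bot: The `catch (Exception ex)` around `httpParams.getValueAsPKCS10(...)` only calls `ex.printStackTrace()`, so a malformed request is reported on stderr instead of the CMS log and `pkcs10` keeps whatever value it had before. Replacing the call with `log(ILogger.LL_FAILURE, "getPKCS10: failed to parse PKCS10 request: " + ex);` would put the failure where operators look for it. Whether the caller copes with a null result is not visible here and is worth confirming. The rest of `getPKCS10` is outside this hunk.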
@@ -286,4 +284,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..df7b0c3d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -84,18 +82,18 @@ public class PKIProcessor implements IPKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
protected void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
protected X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
@@ -106,8 +104,8 @@ public class PKIProcessor implements IPKIProcessor {
* requests not authenticated will need to be approved by an agent.
*/
public static void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor {
// subject name.
try {
String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -177,14 +175,14 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
@@ -195,8 +193,8 @@ public class PKIProcessor implements IPKIProcessor {
* all be seen by and agent.
*/
public static void fillCertInfoFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
@@ -205,41 +203,41 @@ public class PKIProcessor implements IPKIProcessor {
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
certInfo.set(
- X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+ X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillValidityFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
@@ -267,43 +265,43 @@ public class PKIProcessor implements IPKIProcessor {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ "cert validity set to " + validity + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
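Review bot: In `fillValidityFromForm` the info line reads `"cert validity set to " + validity + " from authtoken"` although the dates come from `httpParams`, and both catch blocks report `CMSGW_ERROR_SET_SUBJECT_NAME_1` / `CMS_GW_SET_SUBJECT_NAME_ERROR` for what is a validity failure. Anyone reconstructing an enrollment from the logs would attribute the validity period to the wrong source and the error to the wrong field. I would change the suffix to `" from form"` and use `CMSGW_ERROR_SET_VALIDITY_1` and `CMS_GW_SET_VALIDITY_ERROR`, which `fillCertInfoFromAuthToken` already uses. The method starts outside this hunk.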
@@ -315,20 +313,20 @@ public class PKIProcessor implements IPKIProcessor {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -358,4 +356,3 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..dafdb33d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Toggle the approval state of a profile
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet {
*/
private static final long serialVersionUID = 3956879326742839550L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
private final static String OP_APPROVE = "approve";
private final static String OP_DISAPPROVE = "disapprove";
@@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +82,12 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param profileId the id of the profile to change
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
- * agent approves/disapproves a cert profile set by the administrator for
- * automatic approval
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert profile set by the administrator for automatic approval
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -126,8 +123,8 @@ public class ProfileApproveServlet extends ProfileServlet {
auditSubjectID = auditSubjectID();
CMS.debug(e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
@@ -153,12 +150,12 @@ public class ProfileApproveServlet extends ProfileServlet {
mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -214,8 +211,8 @@ public class ProfileApproveServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -236,8 +233,8 @@ public class ProfileApproveServlet extends ProfileServlet {
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileApproveServlet: Request Queue of " +
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -265,31 +262,31 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
+ if (ps.checkOwner()) {
+ if (ps.getProfileEnableBy(profileId).equals(userid)) {
+ ps.disableProfile(profileId);
+ } else {
+ // only enableBy can disable profile
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_OWNER"));
+ outputTemplate(request, response, args);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
auditSubjectID,
ILogger.FAILURE,
auditProfileID,
auditProfileOp);
- audit(auditMessage);
+ audit(auditMessage);
- return;
+ return;
+ }
+ } else {
+ ps.disableProfile(profileId);
}
- } else {
- ps.disableProfile(profileId);
- }
} else {
ps.enableProfile(profileId, userid);
}
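Review bot: The ownership test `ps.getProfileEnableBy(profileId).equals(userid)` dereferences the stored enabler without a null check. If an enabled profile has no recorded enabler (not determinable from this hunk), the resulting NullPointerException skips both the `CMS_PROFILE_NOT_OWNER` response and the FAILURE audit record written in the else branch. Putting the caller's id on the left sends a missing value on either side into the denied-and-audited branch: `if (userid != null && userid.equals(ps.getProfileEnableBy(profileId))) {`. The enclosing method starts and ends outside this hunk.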
@@ -305,8 +302,8 @@ public class ProfileApproveServlet extends ProfileServlet {
audit(auditMessage);
} catch (EProfileException e) {
// profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -356,8 +353,8 @@ public class ProfileApproveServlet extends ProfileServlet {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileApproveServlet: profile not found " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not found " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
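Review bot: `args.set(ARG_ERROR_REASON, e.toString());` is a dead store, because the very next statement sets the same key to the localized message. I would delete that first call so the raw exception text has no path into the response if these lines are ever reordered. The `CMS.debug` call above it already records the detail for operators. The second `args.set` call continues past the end of this hunk.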
@@ -386,13 +383,13 @@ public class ProfileApproveServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ profile.getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters
// into string http parameters
handlePolicy(list, response, locale,
- id, policy);
+ id, policy);
}
ArgSet setArg = new ArgSet();
@@ -403,8 +400,8 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_POLICY_SET_LIST, setlist);
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ args.set(ARG_PROFILE_IS_ENABLED,
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +410,8 @@ public class ProfileApproveServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
@@ -434,19 +431,19 @@ public class ProfileApproveServlet extends ProfileServlet {
String defName = (String) defNames.nextElement();
IDescriptor defDesc = def.getValueDescriptor(locale, defName);
if (defDesc == null) {
- CMS.debug("defName=" + defName);
+ CMS.debug("defName=" + defName);
} else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
+ String defSyntax = defDesc.getSyntax();
+ String defConstraint = defDesc.getConstraint();
+ String defValueName = defDesc.getDescription(locale);
+ String defValue = null;
+
+ defset.set(ARG_DEF_ID, defName);
+ defset.set(ARG_DEF_SYNTAX, defSyntax);
+ defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+ defset.set(ARG_DEF_NAME, defValueName);
+ defset.set(ARG_DEF_VAL, defValue);
+ deflist.add(defset);
}
}
}
@@ -463,11 +460,11 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message ProfileID
*/
@@ -493,14 +490,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile Operation
- *
+ *
* This method is called to obtain the "Profile Operation" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
- * or SIGNED_AUDIT_EMPTY_VALUE
+ * or SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
// if no signed audit object exists, bail
@@ -509,12 +506,12 @@ public class ProfileApproveServlet extends ProfileServlet {
}
if (mProfileSubId == null ||
- mProfileSubId.equals("")) {
+ mProfileSubId.equals("")) {
mProfileSubId = IProfileSubsystem.ID;
}
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +530,3 @@ public class ProfileApproveServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
index 4da41f7a..8581b3ca 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* List all enabled profiles.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileListServlet extends ProfileServlet {
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileListServlet() {
super();
@@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet {
}
CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
- CMS.debug("ProfileListServlet: ProfileSubsystem " +
- mProfileSubId + " not found");
+ CMS.debug("ProfileListServlet: ProfileSubsystem " +
+ mProfileSubId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
ArgList list = new ArgList();
Enumeration e = ps.getProfileIds();
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet {
profile = ps.getProfile(id);
} catch (EBaseException e1) {
// skip bad profile
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped) " + e1.toString());
+ CMS.debug("ProfileListServlet: profile " + id +
+ " not found (skipped) " + e1.toString());
continue;
}
if (profile == null) {
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped)");
+ CMS.debug("ProfileListServlet: profile " + id +
+ " not found (skipped)");
continue;
}
@@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet {
ArgSet profileArgs = new ArgSet();
profileArgs.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(id)));
+ Boolean.toString(ps.isProfileEnable(id)));
profileArgs.set(ARG_PROFILE_ENABLED_BY,
- ps.getProfileEnableBy(id));
+ ps.getProfileEnableBy(id));
profileArgs.set(ARG_PROFILE_ID, id);
- profileArgs.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ profileArgs.set(ARG_PROFILE_IS_VISIBLE,
+ Boolean.toString(profile.isVisible()));
profileArgs.set(ARG_PROFILE_NAME, name);
profileArgs.set(ARG_PROFILE_DESC, desc);
list.add(profileArgs);
-
+
}
}
args.set(ARG_RECORD, list);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 33233275..ede2416e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet;
import com.netscape.certsrv.util.IStatsSubsystem;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet approves profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileProcessServlet extends ProfileServlet {
@@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet {
private Nonces mNonces = null;
private final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
- "requestNotes";
+ "requestNotes";
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileProcessServlet() {
}
@@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet {
HttpServletRequest request = cmsReq.getHttpReq();
HttpServletResponse response = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("approval", true /* main action */);
+ statsSub.startTiming("approval", true /* main action */);
}
IAuthToken authToken = null;
@@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProfileProcessServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet {
mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet {
} else {
CMS.debug("ProfileProcessServlet: Missing nonce");
}
- CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified);
+ CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified);
if (!nonceVerified) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet {
}
CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileProcessServlet: ProfileSubsystem not found");
@@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileProcessServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_REQUEST_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileProcessServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: request not found requestId=" +
+ requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_REQUEST_NOT_FOUND", requestId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
- // check if the request is in one of the terminal states
+ // check if the request is in one of the terminal states
if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_REQUEST_ID, requestId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_OP_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileProcessServlet: profile not found " +
- " " + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: profile not found " +
+ " " + " profileId=" + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_ID_NOT_ENABLED"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
@@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
// commit request to the storage
- if (!op.equals("validate")) {
+ if (!op.equals("validate")) {
try {
if (op.equals("approve")) {
queue.markAsServiced(req);
@@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet {
queue.updateRequest(req);
}
} catch (EBaseException e) {
- CMS.debug("ProfileProcessServlet: Request commit error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: Request commit error " +
+ e.toString());
// save request to disk
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
} catch (ERejectException e) {
- CMS.debug("ProfileProcessServlet: execution rejected " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution rejected " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_REJECTED", e.toString()));
} catch (EDeferException e) {
- CMS.debug("ProfileProcessServlet: execution defered " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution defered " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_DEFERRED", e.toString()));
} catch (EPropertyException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_PROPERTY_ERROR", e.toString()));
} catch (EProfileException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
}
-
+
public boolean grantPermission(IRequest req, IAuthToken token) {
try {
boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable",
- false);
+ false);
if (!enable)
return true;
String owner = req.getRequestOwner();
@@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet {
return true;
} catch (Exception e) {
}
-
+
return false;
}
/**
* Check if the request creation time is older than the profile
- * lastModified attribute.
+ * lastModified attribute.
*/
- protected void checkProfileVersion(IProfile profile, IRequest req,
- Locale locale) throws EProfileException {
+ protected void checkProfileVersion(IProfile profile, IRequest req,
+ Locale locale) throws EProfileException {
IConfigStore profileConfig = profile.getConfigStore();
if (profileConfig != null) {
String lastModified = null;
try {
- lastModified = profileConfig.getString("lastModified","");
+ lastModified = profileConfig.getString("lastModified", "");
} catch (EBaseException e) {
- CMS.debug(e.toString());
- throw new EProfileException( e.toString() );
+ CMS.debug(e.toString());
+ throw new EProfileException(e.toString());
}
if (!lastModified.equals("")) {
Date profileModifiedAt = new Date(Long.parseLong(lastModified));
- CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
- profileModifiedAt);
+ CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
+ profileModifiedAt);
Date reqCreatedAt = req.getCreationTime();
- CMS.debug("ProfileProcessServlet: Request Created At=" +
- reqCreatedAt);
+ CMS.debug("ProfileProcessServlet: Request Created At=" +
+ reqCreatedAt);
if (profileModifiedAt.after(reqCreatedAt)) {
CMS.debug("Profile Newer Than Request");
throw new ERejectException("Profile Newer Than Request");
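Review bot: The empty `catch (Exception e) { }` at the end of grantPermission leaves no trace of why an agent was refused. Falling through to `return false` is the right fail-closed result, but a config-store or request-lookup failure is indistinguishable from a real ownership mismatch; add `CMS.debug("ProfileProcessServlet: grantPermission: " + e.toString());` inside the handler. Further down, `Long.parseLong(lastModified)` throws an unchecked NumberFormatException on a malformed `lastModified` value, which escapes the declared `throws EProfileException`. I would catch it and rethrow as EProfileException so the caller's error handling and response path still run. grantPermission begins before this hunk and checkProfileVersion continues past it.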
@@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet {
}
protected void assignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String id = auditSubjectID();
req.setRequestOwner(id);
}
protected void unassignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
req.setRequestOwner("");
}
@@ -551,14 +547,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Cancel request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * cancellation)
+ * (Certificate Request Processed - a manual "agent" profile based cert cancellation)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -566,12 +561,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void cancelRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -608,14 +603,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Reject request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * rejection)
+ * (Certificate Request Processed - a manual "agent" profile based cert rejection)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -623,12 +617,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void rejectRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -665,14 +659,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Approve request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * acceptance)
+ * (Certificate Request Processed - a manual "agent" profile based cert acceptance)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -680,12 +673,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
- protected void approveRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ protected void approveRequest(ServletRequest request, ArgSet args,
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -709,33 +702,33 @@ public class ProfileProcessServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName =
- outputNames.nextElement();
+ outputNames.nextElement();
IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale,
- outputName);
+ profileOutput.getValueDescriptor(locale,
+ outputName);
if (outputDesc == null)
continue;
String outputSyntax = outputDesc.getSyntax();
String outputConstraint =
- outputDesc.getConstraint();
+ outputDesc.getConstraint();
String outputValueName =
- outputDesc.getDescription(locale);
+ outputDesc.getDescription(locale);
String outputValue = null;
try {
outputValue = profileOutput.getValue(
- outputName,
+ outputName,
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " +
- e.toString());
+ e.toString());
}
outputset.set(ARG_OUTPUT_ID, outputName);
outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
outputset.set(ARG_OUTPUT_CONSTRAINT,
- outputConstraint);
+ outputConstraint);
outputset.set(ARG_OUTPUT_NAME, outputValueName);
outputset.set(ARG_OUTPUT_VAL, outputValue);
outputlist.add(outputset);
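Review bot: The debug line in the `catch (EProfileException e)` block of this hunk is prefixed `"ProfileSubmitServlet: "` although the file is ProfileProcessServlet.java, so a failed `profileOutput.getValue` is attributed to the wrong servlet in the debug log. The same mismatch is visible further down in ProfileReviewServlet.java (`"ReviewReqServlet: "` in the authentication catch, `"ProfileSubmitServlet: "` in the output loop) and in ProfileSelectServlet.java (`"ProcessReqServlet: "`). I would change this one to `CMS.debug("ProfileProcessServlet: " + e.toString());` and give the others their own class names. On this path `outputValue` also stays null and is still stored under `ARG_OUTPUT_VAL`; a one-line comment saying that is intended would help. The enclosing method starts and ends outside the hunk.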
@@ -775,13 +768,12 @@ public class ProfileProcessServlet extends ProfileServlet {
CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute.");
throw new EProfileException(eAudit1.toString());
-
}
}
- protected void updateValues(ServletRequest request, IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws ERejectException, EDeferException, EPropertyException {
+ protected void updateValues(ServletRequest request, IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws ERejectException, EDeferException, EPropertyException {
String profileSetId = req.getExtDataInString("profileSetId");
Enumeration policies = profile.getProfilePolicies(profileSetId);
@@ -813,17 +805,17 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
- protected void validate(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws ERejectException, EDeferException {
+ protected void validate(Locale locale, int count,
+ IProfilePolicy policy, IRequest req, ServletRequest request)
+ throws ERejectException, EDeferException {
IPolicyConstraint con = policy.getConstraint();
con.validate(req);
}
- protected void setValue(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws EPropertyException {
+ protected void setValue(Locale locale, int count,
+ IProfilePolicy policy, IRequest req, ServletRequest request)
+ throws EPropertyException {
// handle default policy
IPolicyDefault def = policy.getDefault();
Enumeration defNames = def.getValueNames();
@@ -838,11 +830,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -868,11 +860,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Value
- *
+ *
* This method is called to obtain the "reason" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return reason string containing the signed audit log message reason
*/
@@ -887,7 +879,7 @@ public class ProfileProcessServlet extends ProfileServlet {
if (request != null) {
// overwrite "reason" if and only if "info" != null
String info =
- request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
+ request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
if (info != null) {
reason = info.trim();
@@ -904,11 +896,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -941,7 +933,7 @@ public class ProfileProcessServlet extends ProfileServlet {
// extract all line separators from the "base64Data"
StringBuffer sb = new StringBuffer();
for (int i = 0; i < base64Data.length(); i++) {
- if (!Character.isWhitespace(base64Data.charAt(i))) {
+ if (!Character.isWhitespace(base64Data.charAt(i))) {
sb.append(base64Data.charAt(i));
}
}
@@ -961,4 +953,3 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 00840dd8..11aaa749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Random;
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet allows reviewing of profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileReviewServlet extends ProfileServlet {
@@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
private Random mRandom = null;
private Nonces mNonces = null;
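Review bot: `mRandom` is typed as `java.util.Random` (imported at the top of this file) and sits directly beside `mNonces`. If it supplies the nonce values for the review form, the generator is predictable and the nonce is weaker as an anti-forgery token than it appears; its use is outside this hunk, so that is an assumption to confirm. I would declare the field as `private SecureRandom mRandom = null;` and create it with `new SecureRandom()` at the point where it is initialised. At minimum, add the comment `// must be a SecureRandom: values are used as request nonces` on the field.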
@@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet {
* <ul>
* <li>http.param requestId the ID of the profile to review
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ReviewReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
}
AuthzToken authzToken = null;
@@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
return;
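Review bot: The two catch blocks in this hunk log the identical `ADMIN_SRVLT_AUTH_FAILURE` message, so an explicit `EAuthzAccessDenied` and an unexpected failure inside the authorization code cannot be told apart afterwards. The request is still refused, because `authzToken` stays null and the `if (authzToken == null)` branch returns `CMS_AUTHORIZATION_ERROR`, but that fail-closed behaviour is not stated anywhere. I would add `// any exception leaves authzToken null, so the request is refused below` above the `if`, and add `CMS.debug(e);` to the generic `catch (Exception e)` so the unexpected case leaves a trace. The same pattern appears in the `@@ -112,10 +110,10 @@` hunk of ProfileSelectServlet.java. The enclosing method starts and ends outside the hunk.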
@@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet {
}
CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
@@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileReviewServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileReviewServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: request not found requestId=" +
+ requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet {
String profileId = req.getExtDataInString("profileId");
- CMS.debug("ProfileReviewServlet: requestId=" +
- requestId + " profileId=" + profileId);
+ CMS.debug("ProfileReviewServlet: requestId=" +
+ requestId + " profileId=" + profileId);
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileReviewServlet: profile not found requestId=" +
- requestId + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: profile not found requestId=" +
+ requestId + " profileId=" + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
String profileSetId = req.getExtDataInString("profileSetId");
CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
- Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)?
- profile.getProfilePolicyIds(profileSetId): null;
+ Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ?
+ profile.getProfilePolicyIds(profileSetId) : null;
int count = 0;
ArgList list = new ArgList();
if (policyIds != null) {
- while (policyIds.hasMoreElements()) {
+ while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
- id);
+ profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
+ id);
// (3) query all the profile policies
// (4) default plugins convert request parameters into string
// http parameters
handlePolicy(list, response, locale,
- id, policy, req);
+ id, policy, req);
count++;
}
}
@@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet {
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
if (req.getRequestOwner() == null) {
- args.set(ARG_REQUEST_OWNER, "");
+ args.set(ARG_REQUEST_OWNER, "");
} else {
- args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
+ args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
}
args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
- args.set(ARG_REQUEST_MODIFICATION_TIME,
- req.getModificationTime().toString());
+ args.set(ARG_REQUEST_MODIFICATION_TIME,
+ req.getModificationTime().toString());
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_APPROVED_BY,
- req.getExtDataInString("profileApprovedBy"));
+ args.set(ARG_PROFILE_APPROVED_BY,
+ req.getExtDataInString("profileApprovedBy"));
args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
if (profile.isVisible()) {
- args.set(ARG_PROFILE_IS_VISIBLE, "true");
+ args.set(ARG_PROFILE_IS_VISIBLE, "true");
} else {
- args.set(ARG_PROFILE_IS_VISIBLE, "false");
+ args.set(ARG_PROFILE_IS_VISIBLE, "false");
}
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_REMOTE_HOST,
- req.getExtDataInString("profileRemoteHost"));
- args.set(ARG_PROFILE_REMOTE_ADDR,
- req.getExtDataInString("profileRemoteAddr"));
+ args.set(ARG_PROFILE_REMOTE_HOST,
+ req.getExtDataInString("profileRemoteHost"));
+ args.set(ARG_PROFILE_REMOTE_ADDR,
+ req.getExtDataInString("profileRemoteAddr"));
if (req.getExtDataInString("requestNotes") == null) {
args.set(ARG_REQUEST_NOTES, "");
} else {
- args.set(ARG_REQUEST_NOTES,
- req.getExtDataInString("requestNotes"));
+ args.set(ARG_REQUEST_NOTES,
+ req.getExtDataInString("requestNotes"));
}
args.set(ARG_RECORD, list);
@@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
IProfileOutput profileOutput = profile.getProfileOutput(outputId
- );
+ );
Enumeration outputNames = profileOutput.getValueNames();
@@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName = (String) outputNames.nextElement
- ();
+ ();
IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ profileOutput.getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
@@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet {
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " + e.toString(
- ));
+ ));
}
outputset.set(ARG_OUTPUT_ID, outputName);
@@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy,
- IRequest req) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy,
+ IRequest req) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 813af8f6..462c628b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Retrieve detailed information of a particular profile.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSelectServlet extends ProfileServlet {
@@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet {
*/
private static final long serialVersionUID = -3765390650830903602L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileSelectServlet() {
}
@@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet {
* <ul>
* <li>http.param profileId the id of the profile to select
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProcessReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
@@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet {
}
CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
@@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileSelectServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileSelectServlet: profile not found profileId=" +
- profileId + " " + e.toString());
+ CMS.debug("ProfileSelectServlet: profile not found profileId=" +
+ profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
ArgList setlist = new ArgList();
Enumeration policySetIds = profile.getProfilePolicySetIds();
@@ -204,13 +202,13 @@ public class ProfileSelectServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ profile.getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters into string
// http parameters
handlePolicy(list, response, locale,
- id, policy);
+ id, policy);
}
}
ArgSet setArg = new ArgSet();
@@ -224,29 +222,29 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
- args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
+ args.set(ARG_PROFILE_IS_VISIBLE,
+ Boolean.toString(profile.isVisible()));
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
try {
- boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
- if (keyArchivalEnabled == true) {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
- // output transport certificate if present
- args.set("transportCert",
- CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
- } else {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
- args.set("transportCert", "");
- }
+ boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
+ if (keyArchivalEnabled == true) {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
+
+ // output transport certificate if present
+ args.set("transportCert",
+ CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
+ } else {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
+ args.set("transportCert", "");
+ }
} catch (EBaseException e) {
- CMS.debug("ProfileSelectServlet: exception caught:"+e.toString());
+ CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
}
// build authentication
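Review bot: When either config lookup throws, the `catch (EBaseException e)` at the end of this hunk only writes a debug line, so `transportCert` is left unset in `args`, whereas both branches above always set it. I would add `args.set("transportCert", "");` in the catch so the output matches the archival-disabled case. As a point of style, `if (keyArchivalEnabled == true)` reads better as `if (keyArchivalEnabled)`. The enclosing method starts and ends outside the hunk.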
@@ -259,7 +257,7 @@ public class ProfileSelectServlet extends ProfileServlet {
// authenticator not installed correctly
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
+ "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
profile.getAuthenticatorId()));
outputTemplate(request, response, args);
return;
@@ -272,8 +270,8 @@ public class ProfileSelectServlet extends ProfileServlet {
while (authNames.hasMoreElements()) {
ArgSet authset = new ArgSet();
String authName = (String) authNames.nextElement();
- IDescriptor authDesc =
- authenticator.getValueDescriptor(locale, authName);
+ IDescriptor authDesc =
+ authenticator.getValueDescriptor(locale, authName);
if (authDesc == null)
continue;
@@ -291,8 +289,8 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_AUTH_LIST, authlist);
args.set(ARG_AUTH_NAME, authenticator.getName(locale));
args.set(ARG_AUTH_DESC, authenticator.getText(locale));
- args.set(ARG_AUTH_IS_SSL,
- Boolean.toString(authenticator.isSSLClientRequired()));
+ args.set(ARG_AUTH_IS_SSL,
+ Boolean.toString(authenticator.isSSLClientRequired()));
}
// build input list
@@ -309,10 +307,10 @@ public class ProfileSelectServlet extends ProfileServlet {
ArgSet inputpluginset = new ArgSet();
inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
- inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
- profileInput.getName(locale));
- inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
- profileInput.getText(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
+ profileInput.getName(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
+ profileInput.getText(locale));
inputPluginlist.add(inputpluginset);
Enumeration inputNames = profileInput.getValueNames();
@@ -352,8 +350,8 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 46f3797d..368e3659 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileReader;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.Utils;
-
/**
* This servlet is the base class of all profile servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileServlet extends CMSServlet {
@@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet {
public final static String ARG_REQUEST_ID = "requestId";
public final static String ARG_REQUEST_TYPE = "requestType";
public final static String ARG_REQUEST_STATUS = "requestStatus";
- public final static String ARG_REQUEST_OWNER =
- "requestOwner";
- public final static String ARG_REQUEST_CREATION_TIME =
- "requestCreationTime";
- public final static String ARG_REQUEST_MODIFICATION_TIME =
- "requestModificationTime";
+ public final static String ARG_REQUEST_OWNER =
+ "requestOwner";
+ public final static String ARG_REQUEST_CREATION_TIME =
+ "requestCreationTime";
+ public final static String ARG_REQUEST_MODIFICATION_TIME =
+ "requestModificationTime";
public final static String ARG_REQUEST_NONCE = "nonce";
public final static String ARG_AUTH_ID = "authId";
@@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet {
super();
}
- /**
+ /**
* initialize the servlet. Servlets implementing this method
* must specify the template to use as a parameter called
* "templatePath" in the servletConfig
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
- public void init(ServletConfig sc) throws ServletException {
+ public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mTemplate = sc.getServletContext().getRealPath(
sc.getInitParameter(PROP_TEMPLATE));
@@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet {
}
}
- protected String escapeXML(String v)
- {
- if (v == null) {
- return "";
- }
- v = v.replaceAll("&", "&amp;");
- return v;
+ protected String escapeXML(String v) {
+ if (v == null) {
+ return "";
+ }
+ v = v.replaceAll("&", "&amp;");
+ return v;
}
- protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v)
- {
- ps.println("<" + name + ">");
- if (v != null) {
- if (v instanceof ArgList) {
- ArgList list = (ArgList)v;
- ps.println("<list>");
- for (int i = 0; i < list.size(); i++) {
- outputArgValueAsXML(ps, name, list.get(i));
- }
- ps.println("</list>");
- } else if (v instanceof ArgString) {
- ArgString str = (ArgString)v;
- ps.println(escapeXML(str.getValue()));
- } else if (v instanceof ArgSet) {
- ArgSet set = (ArgSet)v;
- ps.println("<set>");
- Enumeration names = set.getNames();
- while (names.hasMoreElements()) {
- String n = (String)names.nextElement();
+ protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
+ ps.println("<" + name + ">");
+ if (v != null) {
+ if (v instanceof ArgList) {
+ ArgList list = (ArgList) v;
+ ps.println("<list>");
+ for (int i = 0; i < list.size(); i++) {
+ outputArgValueAsXML(ps, name, list.get(i));
+ }
+ ps.println("</list>");
+ } else if (v instanceof ArgString) {
+ ArgString str = (ArgString) v;
+ ps.println(escapeXML(str.getValue()));
+ } else if (v instanceof ArgSet) {
+ ArgSet set = (ArgSet) v;
+ ps.println("<set>");
+ Enumeration names = set.getNames();
+ while (names.hasMoreElements()) {
+ String n = (String) names.nextElement();
outputArgValueAsXML(ps, n, set.get(n));
- }
- ps.println("</set>");
- } else {
- ps.println(v);
- }
+ }
+ ps.println("</set>");
+ } else {
+ ps.println(v);
}
- ps.println("</" + name + ">");
+ }
+ ps.println("</" + name + ">");
}
- protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args)
- {
+ protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
PrintStream ps = new PrintStream(bos);
ps.println("<xml>");
outputArgValueAsXML(ps, "output", args);
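Review bot: `escapeXML` replaces only `&`, so a value containing `<` or `>` is written by `outputArgValueAsXML` as markup rather than text. The `xml=true` response can then be malformed or contain elements that originate from request data. The replacement should cover the other reserved characters as well, ampersand first: `v = v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");`. The final `else` branch prints `v` without calling `escapeXML` at all, and `name` is used as an element name unchecked; both deserve a comment stating where those values come from. `outputThisAsXML` continues past the end of the hunk.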
@@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet {
ps.flush();
}
- public void outputTemplate(HttpServletRequest request,
+ public void outputTemplate(HttpServletRequest request,
HttpServletResponse response, ArgSet args)
- throws EBaseException {
+ throws EBaseException {
String xmlOutput = request.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
@@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
outputThisAsXML(bos, args);
try {
- response.setContentLength(bos.size());
- bos.writeTo(response.getOutputStream());
+ response.setContentLength(bos.size());
+ bos.writeTo(response.getOutputStream());
} catch (Exception e) {
CMS.debug("outputTemplate error " + e);
}
return;
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("output_template");
+ statsSub.startTiming("output_template");
}
BufferedReader reader = null;
try {
reader = new BufferedReader(
- new FileReader(mTemplate));
+ new FileReader(mTemplate));
response.setContentType("text/html; charset=UTF-8");
PrintWriter writer = response.getWriter();
-
// output template
String line = null;
do {
- line = reader.readLine();
+ line = reader.readLine();
if (line != null) {
if (line.indexOf("<CMS_TEMPLATE>") == -1) {
writer.println(line);
@@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet {
writer.println("</script>");
}
}
- }
- while (line != null);
+ } while (line != null);
reader.close();
} catch (IOException e) {
- CMS.debug(e);
- throw new EBaseException(e.toString());
+ CMS.debug(e);
+ throw new EBaseException(e.toString());
} finally {
- if (statsSub != null) {
- statsSub.endTiming("output_template");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("output_template");
+ }
}
}
protected void outputArgList(PrintWriter writer, String name, ArgList list)
- throws IOException {
+ throws IOException {
String h_name = null;
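Review bot: `reader.close()` sits inside the `try`, so it is skipped whenever the read loop throws, and the `finally` block only stops the timing; the template file handle then stays open. I would move the close into `finally`, guarded for null: `if (reader != null) { try { reader.close(); } catch (IOException ignored) { } }`. The `try` begins in the previous hunk, where the reader is opened with `new FileReader(mTemplate)`, i.e. in the platform charset, while the response is declared `text/html; charset=UTF-8`. A comment or an explicit charset on the reader would make the two agree.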
@@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet {
char c = in[i];
/* presumably this gives better performance */
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
/* some inputs are coming in as '\' and 'n' */
/* see BZ 500736 for details */
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
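Review bot: The inner test `in[i + 1] == 'x'` can never be true, because it is nested inside the outer `if`, which is entered only when `in[i + 1]` is one of `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` or `\`. The `\x3c` / `\x3e` pass-through branch is therefore dead code, and such input falls through to whatever handling follows the hunk. If the pass-through is intended it needs its own test ahead of the outer `if`; otherwise the branch should be deleted. Either way, a comment listing exactly which backslash sequences are copied to the output unchanged would make this escaping routine reviewable. The method starts and ends outside the hunk.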
@@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet {
}
protected void outputArgString(PrintWriter writer, String name, ArgString str)
- throws IOException {
+ throws IOException {
String s = str.getValue();
// sub \n with "\n"
if (s != null) {
- s = escapeJavaScriptString(s);
+ s = escapeJavaScriptString(s);
}
writer.println(name + "=\"" + s + "\";");
}
protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
- throws IOException {
+ throws IOException {
Enumeration e = set.getNames();
while (e.hasMoreElements()) {
@@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet {
}
protected void outputData(PrintWriter writer, ArgSet set)
- throws IOException {
+ throws IOException {
if (set == null)
return;
Enumeration e = set.getNames();
@@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet {
*/
protected void log(int event, int level, String msg) {
mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ "Servlet " + mId + ": " + msg);
}
/**
@@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet {
}
protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ throws IOException {
// do nothing
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index b00b13a9..3a2a91da 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.CertificateEncodingException;
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMCOutputTemplate;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSubmitCMCServlet extends ProfileServlet {
@@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
private String requestBinary = null;
private String requestB64 = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileSubmitCMCServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
+ * initialize the servlet. And instance of this servlet can
* be set up to always issue certificates against a certain profile
* by setting the 'profileId' configuration in the servletConfig
* If not, the user must specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
private void setInputsIntoRequest(HttpServletRequest request, IProfile
-profile, IRequest req) {
+ profile, IRequest req) {
Enumeration inputIds = profile.getProfileInputIds();
if (inputIds != null) {
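Review bot: `authToken.getInString(IAuthToken.USER_ID)` is called with no null test on the value returned by `authenticator.authenticate(credentials)`. The renewal overload in ProfileSubmitServlet checks `authToken != null` after calling the equivalent method, which suggests a null token is possible; if so, this line throws a NullPointerException instead of producing a clean authentication failure. `String userid = (authToken == null) ? null : authToken.getInString(IAuthToken.USER_ID);` keeps the session-context update safe. The identical block in ProfileSubmitServlet (hunk `@@ -323,12 +316,12 @@`) has the same gap. Both methods start outside their hunks.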
@@ -215,15 +212,14 @@ profile, IRequest req) {
* Process the HTTP request
* <P>
*
- * (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
* <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -233,8 +229,8 @@ profile, IRequest req) {
Locale locale = getLocale(request);
ArgSet args = new ArgSet();
- String cert_request_type =
- mServletConfig.getInitParameter("cert_request_type");
+ String cert_request_type =
+ mServletConfig.getInitParameter("cert_request_type");
String outputFormat = mServletConfig.getInitParameter("outputFormat");
int reqlen = request.getContentLength();
@@ -272,25 +268,25 @@ profile, IRequest req) {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
+ if (paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("directoryManagerPwd") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd")) {
CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
paramName + "='(sensitive)'");
} else {
CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='" +
+ paramName + "='" +
request.getParameter(paramName) + "'");
}
}
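Review bot: The suffix tests in the masking condition (`paramName.endsWith("password")`, `"passwd"`, `"pwd"`) are case-sensitive, so a parameter whose name ends in `Password` or `Pwd` is written to the debug log in clear unless it is one of the names listed with `equalsIgnoreCase`. Lower-casing once and testing that value closes the gap: `String lower = paramName.toLowerCase(Locale.ROOT);` followed by `lower.endsWith("password") || lower.endsWith("passwd") || lower.endsWith("pwd")`. The same condition is repeated in ProfileSubmitServlet's parameter dump further down this diff. The enclosing method starts and ends outside the hunk.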
@@ -303,8 +299,8 @@ profile, IRequest req) {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
@@ -317,7 +313,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -331,14 +327,14 @@ profile, IRequest req) {
profileId = mProfileId;
}
- IProfile profile = null;
+ IProfile profile = null;
- try {
+ try {
CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
- profile = ps.getProfile(profileId);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ profile = ps.getProfile(profileId);
+ } catch (EProfileException e) {
+ CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
+ profileId + " " + e.toString());
}
if (profile == null) {
CMCOutputTemplate template = new CMCOutputTemplate();
@@ -350,13 +346,13 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
+ " not enabled");
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(0));
@@ -366,7 +362,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -386,8 +382,8 @@ profile, IRequest req) {
if (authenticator == null) {
CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitCMCServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitCMCServlet: authenticator " +
+ authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
@@ -403,27 +399,27 @@ profile, IRequest req) {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
- if (authenticator != null) {
+ if (authenticator != null) {
try {
authToken = authenticate(authenticator, request);
// authentication success
} catch (EBaseException e) {
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
+ seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(e.toString());
+ s = new UTF8String(e.toString());
} catch (Exception ee) {
}
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- CMS.debug("ProfileSubmitCMCServlet: authentication error " +
- e.toString());
+ template.createFullResponseWithFailedStatus(response, seq,
+ OtherInfo.BAD_REQUEST, s);
+ CMS.debug("ProfileSubmitCMCServlet: authentication error " +
+ e.toString());
return;
}
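Review bot: In the `catch (EBaseException e)` around `authenticate(authenticator, request)`, the failed-status response is built from `e.toString()`, so whatever detail the authenticator put in its exception is returned to a caller that has not authenticated. A fixed text in the response, with the detail kept in the `CMS.debug` line that is already there, avoids that: `s = new UTF8String("authentication failed");`. The empty `catch (Exception ee) {}` also leaves `s` null without a trace; a one-line `CMS.debug` there would make that case visible. The enclosing method continues outside the hunk.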
@@ -433,9 +429,9 @@ profile, IRequest req) {
CMS.debug("ProfileSubmitCMCServlet authToken not null");
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ mAuthzResourceName, "submit");
} catch (Exception e) {
- CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
+ CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
}
}
@@ -450,7 +446,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
}
}
@@ -473,7 +469,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
@@ -486,17 +482,17 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
boolean verifyAllow = true;
try {
verifyAllow = CMS.getConfigStore().getBoolean(
- "cmc.lraPopWitness.verify.allow", true);
+ "cmc.lraPopWitness.verify.allow", true);
} catch (EBaseException ee) {
}
@@ -505,18 +501,18 @@ profile, IRequest req) {
SET vals = attr.getValues();
if (vals.size() > 0) {
try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
CMS.debug(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
CMCOutputTemplate template = new CMCOutputTemplate();
template.createFullResponseWithFailedStatus(response, bodyIds,
- OtherInfo.POP_FAILED, null);
+ OtherInfo.POP_FAILED, null);
return;
}
}
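Review bot: When `ASN1Util.decode` throws `InvalidBERException`, the catch only logs and execution falls through to `lraPop.getBodyIds()`. `lraPop` is declared outside the hunk, but if it is still null at that point, a malformed lraPOPWitness control ends in a NullPointerException rather than a CMC failure response. The catch should answer with a failed status and return, as the other error paths in this method do. The enclosing method starts and ends outside the hunk.

```java
} catch (InvalidBERException e) {
    CMS.debug(
            CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
    // decode failed: lraPop is unusable, so answer with a failed status
    // instead of dereferencing it below
    SEQUENCE failedIds = new SEQUENCE();
    failedIds.addElement(new INTEGER(0));
    CMCOutputTemplate failed = new CMCOutputTemplate();
    failed.createFullResponseWithFailedStatus(response, failedIds,
            OtherInfo.BAD_REQUEST, null);
    return;
}
// … unchanged: lraPop.getBodyIds() and the POP_FAILED response …
```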
@@ -524,25 +520,25 @@ profile, IRequest req) {
// for CMC, requests may be zero. Then check if controls exist.
if (reqs == null) {
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
CMCOutputTemplate template = new CMCOutputTemplate();
// if there is only one control GetCert, then simple response
// must be returned.
if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr1 != null) {
template.createSimpleResponse(response, reqs);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs,
+ cert_request_type, null);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs,
+ cert_request_type, null);
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
///////////////////////////////////////////////
// populate request
@@ -553,24 +549,24 @@ profile, IRequest req) {
// serial auth token into request
if (authToken != null) {
- Enumeration tokenNames = authToken.getElements();
- while (tokenNames.hasMoreElements()) {
- String tokenName = (String)tokenNames.nextElement();
- String[] vals = authToken.getInStringArray(tokenName);
- if (vals != null) {
- for (int i = 0; i < vals.length; i++) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
- tokenName + "[" + i + "]", vals[i]);
- }
- } else {
- String val = authToken.getInString(tokenName);
- if (val != null) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
- val);
- }
- }
- }
- }
+ Enumeration tokenNames = authToken.getElements();
+ while (tokenNames.hasMoreElements()) {
+ String tokenName = (String) tokenNames.nextElement();
+ String[] vals = authToken.getInStringArray(tokenName);
+ if (vals != null) {
+ for (int i = 0; i < vals.length; i++) {
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
+ tokenName + "[" + i + "]", vals[i]);
+ }
+ } else {
+ String val = authToken.getInString(tokenName);
+ if (val != null) {
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
+ val);
+ }
+ }
+ }
+ }
// put profile framework parameters into the request
reqs[k].setExtData(ARG_PROFILE, "true");
@@ -589,7 +585,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -598,13 +594,13 @@ profile, IRequest req) {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitCMCServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitCMCServlet: request " +
+ reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -620,7 +616,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
@@ -635,7 +631,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
}
@@ -652,23 +648,22 @@ profile, IRequest req) {
///////////////////////////////////////////////
int error_codes[] = null;
if (reqs != null && reqs.length > 0)
- error_codes = new int[reqs.length];
+ error_codes = new int[reqs.length];
for (int k = 0; k < reqs.length; k++) {
try {
// reset the "auditRequesterID"
auditRequesterID = auditRequesterID(reqs[k]);
-
// print request debug
if (reqs[k] != null) {
- Enumeration reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = (String)reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ Enumeration reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = (String) reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
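Review bot: The request dump logs every ext-data value (`"$ value=" + reqVal`) with no filtering, unlike the input-parameter dump earlier in this file, which masks password-like names. Ext data at this point includes the `ARG_AUTH_TOKEN` entries copied from the auth token in the populate loop, so credential-derived values may reach the debug log; whether any of them is secret depends on the authenticator and cannot be told from this hunk. Consider skipping or masking those keys, e.g. `if (reqVal != null && !reqKey.startsWith(ARG_AUTH_TOKEN + "."))`. Note also that `auditRequesterID(reqs[k])` runs before the `reqs[k] != null` test. The enclosing loop continues outside the hunk.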
@@ -698,9 +693,9 @@ profile, IRequest req) {
// need to notify
INotify notify = profile.getRequestQueue().getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
@@ -722,7 +717,7 @@ profile, IRequest req) {
"CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
@@ -730,7 +725,7 @@ profile, IRequest req) {
}
} catch (EBaseException e) {
CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
- e.toString());
+ e.toString());
}
if (errorCode != null) {
@@ -778,36 +773,36 @@ profile, IRequest req) {
// output output list
///////////////////////////////////////////////
- CMS.debug("ProfileSubmitCMCServlet: done serving");
- CMCOutputTemplate template = new CMCOutputTemplate();
- if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
- if (outputFormat != null &&outputFormat.equals("pkcs7")) {
- byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
- response.setContentType("application/pkcs7-mime");
- response.setContentLength(pkcs7.length);
- try {
- OutputStream os = response.getOutputStream();
- os.write(pkcs7);
- os.flush();
- } catch (Exception ee) {
- }
- return;
- }
- template.createSimpleResponse(response, reqs);
- } else if (cert_request_type.equals("cmc")) {
- Integer nums = (Integer)(context.get("numOfControls"));
- if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
- if (attr1 != null) {
- template.createSimpleResponse(response, reqs);
- return;
- }
- }
- template.createFullResponse(response, reqs, cert_request_type,
- error_codes);
- }
+ CMS.debug("ProfileSubmitCMCServlet: done serving");
+ CMCOutputTemplate template = new CMCOutputTemplate();
+ if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
+
+ if (outputFormat != null && outputFormat.equals("pkcs7")) {
+ byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
+ response.setContentType("application/pkcs7-mime");
+ response.setContentLength(pkcs7.length);
+ try {
+ OutputStream os = response.getOutputStream();
+ os.write(pkcs7);
+ os.flush();
+ } catch (Exception ee) {
+ }
+ return;
+ }
+ template.createSimpleResponse(response, reqs);
+ } else if (cert_request_type.equals("cmc")) {
+ Integer nums = (Integer) (context.get("numOfControls"));
+ if (nums != null && nums.intValue() == 1) {
+ TaggedAttribute attr1 =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ if (attr1 != null) {
+ template.createSimpleResponse(response, reqs);
+ return;
+ }
+ }
+ template.createFullResponse(response, reqs, cert_request_type,
+ error_codes);
+ }
} finally {
SessionContext.releaseContext();
}
@@ -815,11 +810,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -845,11 +840,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 3f663619..613ff55e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @author Christina Fu (renewal support)
* @version $Revision$, $Date$
*/
@@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet {
private String mReqType = null;
private String mAuthorityId = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
public ProfileSubmitServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
+ * initialize the servlet. And instance of this servlet can
* be set up to always issue certificates against a certain profile
* by setting the 'profileId' configuration in the servletConfig
* If not, the user must specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue);
ctx.set(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null");
@@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
-
-
private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
Enumeration<String> authIds = authenticator.getValueNames();
@@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (authIds.hasMoreElements()) {
String authName = (String) authIds.nextElement();
- CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+
- authName);
+ CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" +
+ authName);
if (request.getParameter(authName) != null) {
CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request");
ctx.set(authName, request.getParameter(authName));
@@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
String n = t.substring(0, i);
if (n.equalsIgnoreCase("uid")) {
String v = t.substring(i + 1);
- CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v);
+ CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v);
return v;
} else {
continue;
@@ -246,66 +239,66 @@ public class ProfileSubmitServlet extends ProfileServlet {
* to the session context
*/
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request, IRequest origReq, SessionContext context)
- throws EBaseException {
- IAuthToken authToken = authenticate(authenticator, request);
- // For renewal, fill in necessary params
- if (authToken!= null) {
- String ouid = origReq.getExtDataInString("auth_token.uid");
- // if the orig cert was manually approved, then there was
- // no auth token uid. Try to get the uid from the cert dn
- // itself, if possible
- if (ouid == null) {
- String sdn = (String) context.get("origSubjectDN");
- if (sdn != null) {
- ouid = getUidFromDN(sdn);
- if (ouid != null)
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
- }
- String auid = authToken.getInString("uid");
- if (auid != null) { // not through ssl client auth
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid);
- // authenticated with uid
- // put "orig_req.auth_token.uid" so that authz with
- // UserOrigReqAccessEvaluator will work
- if (ouid != null) {
- context.put("orig_req.auth_token.uid", ouid);
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else { // through ssl client auth?
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
- // put in orig_req's uid
- if (ouid != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken");
- authToken.set("uid", ouid);
- context.put(SessionContext.USER_ID, ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
-// throw new EBaseException("origReq uid not found");
- }
- }
-
- String userdn = origReq.getExtDataInString("auth_token.userdn");
- if (userdn != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken");
- authToken.set("userdn", userdn);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
-// throw new EBaseException("origReq userdn not found");
- }
+ HttpServletRequest request, IRequest origReq, SessionContext context)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(authenticator, request);
+ // For renewal, fill in necessary params
+ if (authToken != null) {
+ String ouid = origReq.getExtDataInString("auth_token.uid");
+ // if the orig cert was manually approved, then there was
+ // no auth token uid. Try to get the uid from the cert dn
+ // itself, if possible
+ if (ouid == null) {
+ String sdn = (String) context.get("origSubjectDN");
+ if (sdn != null) {
+ ouid = getUidFromDN(sdn);
+ if (ouid != null)
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
+ }
+ String auid = authToken.getInString("uid");
+ if (auid != null) { // not through ssl client auth
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid);
+ // authenticated with uid
+ // put "orig_req.auth_token.uid" so that authz with
+ // UserOrigReqAccessEvaluator will work
+ if (ouid != null) {
+ context.put("orig_req.auth_token.uid", ouid);
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+ }
+ } else { // through ssl client auth?
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
+ // put in orig_req's uid
+ if (ouid != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken");
+ authToken.set("uid", ouid);
+ context.put(SessionContext.USER_ID, ouid);
} else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
+ // throw new EBaseException("origReq uid not found");
}
- return authToken;
+ }
+
+ String userdn = origReq.getExtDataInString("auth_token.userdn");
+ if (userdn != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken");
+ authToken.set("userdn", userdn);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
+ // throw new EBaseException("origReq userdn not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ }
+ return authToken;
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
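Review bot: In the renewal `authenticate` overload, the fallback branch logs "authToken original uid not found" under `if (ouid != null)`, which is exactly when `getUidFromDN(sdn)` did find a uid. The message is inverted and will mislead anyone tracing a renewal authorization decision. Suggested: `CMS.debug("ProfileSubmitServlet: renewal: original uid taken from origSubjectDN");` with an `else` that logs the not-found case. A short comment on the SSL-client-auth branch would also help, e.g. `// uid comes from the original request (or its subject DN), not from the presented credential`, since that value is then written to `authToken` and `SessionContext.USER_ID`. The second `authenticate` overload at the end of the hunk continues outside it.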
@@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
@@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue);
req.setExtData(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null");
@@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName = (String) outputNames.nextElement();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ IDescriptor outputDesc =
+ profileOutput.getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
@@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
String outputValue = null;
try {
- outputValue = profileOutput.getValue(outputName,
+ outputValue = profileOutput.getValue(outputName,
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " + e.toString());
@@ -445,15 +438,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
* Process the HTTP request
* <P>
*
- * (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
* <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -476,9 +468,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("xmlOutput false");
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("enrollment", true /* main action */);
+ statsSub.startTiming("enrollment", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -488,7 +480,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (CMS.debugOn()) {
CMS.debug("Start of ProfileSubmitServlet Input Parameters");
@SuppressWarnings("unchecked")
- Enumeration<String> paramNames = request.getParameterNames();
+ Enumeration<String> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = paramNames.nextElement();
@@ -497,25 +489,25 @@ public class ProfileSubmitServlet extends ProfileServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
+ if (paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("directoryManagerPwd") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd")) {
CMS.debug("ProfileSubmitServlet Input Parameter " +
paramName + "='(sensitive)'");
} else {
CMS.debug("ProfileSubmitServlet Input Parameter " +
- paramName + "='" +
+ paramName + "='" +
request.getParameter(paramName) + "'");
}
}
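Review bot: The three suffix tests in the added condition (`paramName.endsWith("password")`, `endsWith("passwd")`, `endsWith("pwd")`) are case-sensitive, so a name such as `userPassword` or `bindPwd` (constructed examples) is caught only if it also appears in the `equalsIgnoreCase` list; otherwise its value goes to the debug log through the `else` branch. Normalising once closes that gap and makes several explicit entries redundant: `String lower = paramName.toLowerCase(Locale.ROOT);` followed by `lower.endsWith("password") || lower.endsWith("passwd") || lower.endsWith("pwd")`. The existing comment could also state that this list is only a fallback and that sensitive parameters are expected to carry the `__` prefix. The enclosing `while` loop begins outside this hunk.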
@@ -528,22 +520,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found");
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -562,10 +554,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
*/
String renewal = request.getParameter("renewal");
boolean isRenewal = false;
- if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) {
+ if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
CMS.debug("ProfileSubmitServlet: isRenewal true");
isRenewal = true;
- request.setAttribute("reqType", (Object)"renewal");
+ request.setAttribute("reqType", (Object) "renewal");
} else {
CMS.debug("ProfileSubmitServlet: isRenewal false");
}
@@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (isRenewal) {
// dig up the original request to "clone"
renewProfileId = profileId;
- CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId);
+ CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId);
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else { // has ssl client cert
@@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet {
// shouldn't expect leaf cert to be always at the
// same location
X509Certificate clientCert = null;
- for (int i = 0; i< certs.length; i++) {
+ for (int i = 0; i < certs.length; i++) {
clientCert = certs[i];
- byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+ byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
// try to see if this is a leaf cert
// look for BasicConstraint extension
if (extBytes == null) {
// found leaf cert
- CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
+ CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
break;
} else {
- CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
- // it's got BasicConstraints extension
- // so it's not likely to be a leaf cert,
- // however, check the isCA field regardless
- try {
- BasicConstraintsExtension bce =
- new BasicConstraintsExtension(true, extBytes);
- if (bce != null) {
- if (!(Boolean)bce.get("is_ca")) {
- CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
- break;
- } // else found a ca cert, continue
- }
- } catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+
+ CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
+ // it's got BasicConstraints extension
+ // so it's not likely to be a leaf cert,
+ // however, check the isCA field regardless
+ try {
+ BasicConstraintsExtension bce =
+ new BasicConstraintsExtension(true, extBytes);
+ if (bce != null) {
+ if (!(Boolean) bce.get("is_ca")) {
+ CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
+ break;
+ } // else found a ca cert, continue
+ }
+ } catch (Exception e) {
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" +
e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
- }
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
+ }
}
}
if (clientCert == null) {
CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
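Review bot: `clientCert = certs[i];` is assigned at the top of every iteration, so when no certificate triggers a `break` (every entry carries BasicConstraints with `is_ca` true) the loop ends with `clientCert` pointing at the last chain entry, and the `if (clientCert == null)` check below only catches an empty array. Keeping the loop value separate and assigning on the two exit paths fixes that: `X509Certificate candidate = certs[i];` at the top and `clientCert = candidate;` before each `break`. The message on the `!(Boolean) bce.get("is_ca")` branch also reads "found CA cert in chain" although that branch is the non-CA case, and `if (bce != null)` can never be false directly after `new`. The enclosing method starts outside this hunk.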
@@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
clientCert = new X509CertImpl(certEncoded);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
}
- CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString());
try {
ICertificateRepository certDB = null;
@@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (certDB == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial);
- if (rec == null) {
- CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString());
+ if (rec == null) {
+ CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else {
- CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString());
// check to see if the cert is revoked or revoked_expired
if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
- CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString());
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
+ outputTemplate(request, response, args);
+ return;
}
MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
// note: CA's internal certs don't have request ids
@@ -748,54 +740,54 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (rid != null) {
origReq = queue.findRequest(new RequestId(rid));
if (origReq != null) {
- CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid);
+ CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid);
// debug: print the extData keys
Enumeration<String> en = origReq.getExtDataKeys();
-/*
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
- while (en.hasMoreElements()) {
- String next = (String) en.nextElement();
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
- }
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
-*/
+ /*
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
+ while (en.hasMoreElements()) {
+ String next = (String) en.nextElement();
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
+ }
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
+ */
String requestorE = origReq.getExtDataInString("requestor_email");
- CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE);
+ CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE);
profileId = origReq.getExtDataInString("profileId");
if (profileId != null)
- CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId);
+ CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId);
else {
- CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
}
origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-
+
} else { //if origReq
- CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid);
+ CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid);
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString());
- CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"+": original request not found"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR" + ": original request not found"));
+ outputTemplate(request, response, args);
+ return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
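Review bot: In the branch for a missing request id, `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR" + ": original request not found")` appends the explanation to the message identifier rather than to the resolved message, so the lookup is made with an id that presumably does not exist. The likely intent is `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR") + ": original request not found"`. Separately, `Enumeration<String> en = origReq.getExtDataKeys();` is used only by the commented-out block beneath it in the visible lines, so both could be dropped. The surrounding `try` block starts and ends outside this hunk.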
@@ -803,96 +795,96 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter");
X509CertImpl origCert = rec.getCertificate();
origNotAfter = origCert.getNotAfter();
- CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+
- origNotAfter.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" +
+ origNotAfter.toString());
origSubjectDN = origCert.getSubjectDN().getName();
- CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+
- origSubjectDN);
+ CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" +
+ origSubjectDN);
}
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} // end isRenewal
- IProfile profile = null;
+ IProfile profile = null;
IProfile renewProfile = null;
- try {
- profile = ps.getProfile(profileId);
+ try {
+ profile = ps.getProfile(profileId);
if (isRenewal) {
// in case of renew, "profile" is the orig profile
// while "renewProfile" is the current profile used for renewal
- renewProfile = ps.getProfile(renewProfileId);
+ renewProfile = ps.getProfile(renewProfileId);
}
- } catch (EProfileException e) {
- if(profile == null) {
- CMS.debug("ProfileSubmitServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ } catch (EProfileException e) {
+ if (profile == null) {
+ CMS.debug("ProfileSubmitServlet: profile not found profileId " +
+ profileId + " " + e.toString());
}
if (renewProfile == null) {
CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " +
- renewProfileId + " " + e.toString());
+ renewProfileId + " " + e.toString());
}
}
if (profile == null) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId));
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
return;
}
if (isRenewal && (renewProfile == null)) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
outputTemplate(request, response, args);
}
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitServlet: Profile " + profileId +
+ " not enabled");
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
if (isRenewal) {
- if (!ps.isProfileEnable(renewProfileId)) {
- CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
- " not enabled");
- if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
- } else {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
- outputTemplate(request, response, args);
+ if (!ps.isProfileEnable(renewProfileId)) {
+ CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
+ " not enabled");
+ if (xmlOutput) {
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ } else {
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputTemplate(request, response, args);
+ }
+ return;
}
- return;
- }
}
IProfileContext ctx = profile.createContext();
@@ -909,40 +901,40 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
} catch (EProfileException e) {
// authenticator not installed correctly
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
if (authenticator == null) {
CMS.debug("ProfileSubmitServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitServlet: authenticator " +
+ authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
// for renewal, this will override or add auth info to the profile context
if (isRenewal) {
- if (origAuthenticator!= null) {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
- origAuthenticator.getName() + " found");
- setCredentialsIntoContext(request, origAuthenticator, ctx);
- } else {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
- }
+ if (origAuthenticator != null) {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
+ origAuthenticator.getName() + " found");
+ setCredentialsIntoContext(request, origAuthenticator, ctx);
+ } else {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
+ }
}
CMS.debug("ProfileSubmistServlet: set Inputs into profile Context");
if (isRenewal) {
- // for renewal, input needs to be retrieved from the orig req record
+ // for renewal, input needs to be retrieved from the orig req record
CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context");
setInputsIntoContext(origReq, profile, ctx, locale);
ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
ctx.set("renewProfileId", renewProfileId);
- ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
+ ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
} else {
setInputsIntoContext(request, profile, ctx);
}
@@ -956,14 +948,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitServlet: set sslClientCertProvider");
if ((isRenewal == true) && (origSubjectDN != null))
- context.put("origSubjectDN", origSubjectDN);
+ context.put("origSubjectDN", origSubjectDN);
if (statsSub != null) {
- statsSub.startTiming("profile_authentication");
+ statsSub.startTiming("profile_authentication");
}
if (authenticator != null) {
@@ -975,20 +967,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
//Attempt to possibly fetch attemped uid, may not always be available.
if (authIds != null) {
while (authIds.hasMoreElements()) {
- String authName = authIds.nextElement();
- String value = request.getParameter(authName);
+ String authName = authIds.nextElement();
+ String value = request.getParameter(authName);
if (value != null) {
- if (authName.equals("uid")) {
- uid_attempted_cred = value;
- }
+ if (authName.equals("uid")) {
+ uid_attempted_cred = value;
+ }
}
}
}
- String authSubjectID = auditSubjectID();
+ String authSubjectID = auditSubjectID();
- String authMgrID = authenticator.getName();
- String auditMessage = null;
+ String authMgrID = authenticator.getName();
+ String auditMessage = null;
try {
if (isRenewal) {
CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
@@ -998,22 +990,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
authToken = authenticate(authenticator, request);
}
} catch (EBaseException e) {
- CMS.debug("ProfileSubmitServlet: authentication error " +
- e.toString());
+ CMS.debug("ProfileSubmitServlet: authentication error " +
+ e.toString());
// authentication error
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("authentication");
+ statsSub.endTiming("authentication");
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
//audit log our authentication failure
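Review bot: On the authentication-failure path the timer is closed with `statsSub.endTiming("authentication");`, while the matching start in the `@@ -956,14 +948,14 @@` hunk is `statsSub.startTiming("profile_authentication");` and the success path ends `"profile_authentication"`. Unless a timer named `authentication` is started elsewhere, failed authentications leave the `profile_authentication` timer open; the line should read `statsSub.endTiming("profile_authentication");`. The two consecutive `if (statsSub != null)` blocks could then be merged into one. The `catch` block continues outside this hunk.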
@@ -1040,7 +1032,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
authSubjectID = authSubjectID + " : " + uid_cred;
-
+
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
@@ -1052,7 +1044,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (statsSub != null) {
- statsSub.endTiming("profile_authentication");
+ statsSub.endTiming("profile_authentication");
}
// authentication success
@@ -1061,23 +1053,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
// do profile authorization
String acl = null;
if (isRenewal)
- acl = renewProfile.getAuthzAcl();
+ acl = renewProfile.getAuthzAcl();
else
- acl = profile.getAuthzAcl();
- CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
+ acl = profile.getAuthzAcl();
+ CMS.debug("ProfileSubmitServlet: authz using acl: " + acl);
if (acl != null && acl.length() > 0) {
try {
String resource = profileId + ".authz.acl";
AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
+ CMS.debug("ProfileSubmitServlet authorize: " + e.toString());
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_AUTHORIZATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
}
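Review bot: For a renewal the ACL is taken from `renewProfile.getAuthzAcl()`, but the resource name is built as `profileId + ".authz.acl"`, and `profileId` was replaced earlier with the original request's profile id (`profileId = origReq.getExtDataInString("profileId");`). If the resource name is meant to identify the profile whose ACL is evaluated, it should be `String resource = (isRenewal ? renewProfileId : profileId) + ".authz.acl";`. The `authzToken` local is never read in the visible lines. A short comment on `if (acl != null && acl.length() > 0)` stating that a null or empty ACL skips authorization entirely would make that choice explicit. The `catch` block continues outside this hunk.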
@@ -1089,7 +1081,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
IRequest reqs[] = null;
if (statsSub != null) {
- statsSub.startTiming("request_population");
+ statsSub.startTiming("request_population");
}
///////////////////////////////////////////////
// create request
@@ -1107,8 +1099,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
@@ -1119,18 +1111,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
///////////////////////////////////////////////
// populate request
@@ -1141,22 +1133,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
// adding parameters to request
if (isRenewal) {
- setInputsIntoRequest(origReq, profile, reqs[k], locale);
- // set orig expiration date to be used in Validity constraint
- reqs[k].setExtData("origNotAfter",
- BigInteger.valueOf(origNotAfter.getTime()));
- // set subjectDN to be used in subject name default
- reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
- // set request type
- reqs[k].setRequestType("renewal");
+ setInputsIntoRequest(origReq, profile, reqs[k], locale);
+ // set orig expiration date to be used in Validity constraint
+ reqs[k].setExtData("origNotAfter",
+ BigInteger.valueOf(origNotAfter.getTime()));
+ // set subjectDN to be used in subject name default
+ reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
+ // set request type
+ reqs[k].setRequestType("renewal");
} else
- setInputsIntoRequest(request, profile, reqs[k]);
+ setInputsIntoRequest(request, profile, reqs[k]);
// serial auth token into request
if (authToken != null) {
Enumeration<String> tokenNames = authToken.getElements();
while (tokenNames.hasMoreElements()) {
- String tokenName = tokenNames.nextElement();
+ String tokenName = tokenNames.nextElement();
String[] tokenVals = authToken.getInStringArray(tokenName);
if (tokenVals != null) {
for (int i = 0; i < tokenVals.length; i++) {
@@ -1181,7 +1173,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (fromRA) {
- CMS.debug("ProfileSubmitServlet: request from RA: "+ uid);
+ CMS.debug("ProfileSubmitServlet: request from RA: " + uid);
reqs[k].setExtData(ARG_REQUEST_OWNER, uid);
}
@@ -1200,13 +1192,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString());
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -1216,13 +1208,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitServlet: request " +
+ reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -1237,8 +1229,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
@@ -1250,18 +1242,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
+ statsSub.endTiming("request_population");
}
String auditMessage = null;
@@ -1281,15 +1273,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
// print request debug
if (reqs[k] != null) {
- requestIds += " "+reqs[k].getRequestId().toString();
- Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ requestIds += " " + reqs[k].getRequestId().toString();
+ Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
@@ -1319,9 +1311,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
// need to notify
INotify notify = profile.getRequestQueue().getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
@@ -1343,7 +1335,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
"CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
@@ -1351,7 +1343,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
} catch (EBaseException e) {
CMS.debug("ProfileSubmitServlet: updateRequest " +
- e.toString());
+ e.toString());
}
if (errorCode != null) {
@@ -1396,7 +1388,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
ArgSet requestset = new ArgSet();
requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ reqs[k].getRequestId().toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1405,7 +1397,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -1431,7 +1423,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
ArgSet requestset = new ArgSet();
requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ reqs[k].getRequestId().toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1454,14 +1446,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
audit(auditMessage);
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
throw eAudit1;
} finally {
SessionContext.releaseContext();
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
}
@@ -1473,19 +1465,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
Node n = xmlObj.createContainer(root, "Requests");
- CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length);
+ CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
Node subnode = xmlObj.createContainer(n, "Request");
xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
X509CertInfo certInfo =
- reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
if (certInfo != null) {
- String subject = "";
- subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
- xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
+ String subject = "";
+ subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
+ xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
} else {
- CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
+ CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
}
Enumeration<String> outputIds = profile.getProfileOutputIds();
if (outputIds != null) {
@@ -1501,23 +1493,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
try {
String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
if (outputName.equals("b64_cert")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- outputValue = Cert.stripBrackets(ss);
- byte[] bcode = CMS.AtoB(outputValue);
- X509CertImpl impl = new X509CertImpl(bcode);
- xmlObj.addItemToContainer(subnode,
- "serialno", impl.getSerialNumber().toString(16));
- xmlObj.addItemToContainer(subnode, "b64", outputValue);
+ String ss = Cert.normalizeCertStrAndReq(outputValue);
+ outputValue = Cert.stripBrackets(ss);
+ byte[] bcode = CMS.AtoB(outputValue);
+ X509CertImpl impl = new X509CertImpl(bcode);
+ xmlObj.addItemToContainer(subnode,
+ "serialno", impl.getSerialNumber().toString(16));
+ xmlObj.addItemToContainer(subnode, "b64", outputValue);
}// if b64_cert
else if (outputName.equals("pkcs7")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- xmlObj.addItemToContainer(subnode, "pkcs7", ss);
+ String ss = Cert.normalizeCertStrAndReq(outputValue);
+ xmlObj.addItemToContainer(subnode, "pkcs7", ss);
}
-
+
} catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
}
}
}
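Review bot: The handlers `catch (EProfileException e)` and `catch (Exception e)` have identical bodies, so the first one is redundant, and both only write a debug line. A `b64_cert` value that fails in `CMS.AtoB` or `new X509CertImpl(bcode)` is therefore dropped silently from a response whose `Status` item was already set to SUCCESS in the preceding hunk. I would keep a single `catch (Exception e)` and either surface the failure to the caller or document the choice with `// best effort: a failing output is skipped and the response still reports SUCCESS`. The method starts outside the hunk.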
@@ -1534,11 +1526,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1564,11 +1556,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
index 989710e3..0114f632 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
@@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider {
public X509Certificate[] getClientCertificateChain() {
X509Certificate[] allCerts = (X509Certificate[])
- mRequest.getAttribute("javax.servlet.request.X509Certificate");
+ mRequest.getAttribute("javax.servlet.request.X509Certificate");
return allCerts;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
index 6a9ccac5..32ebd602 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.reflect.Array;
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.RawJS;
-
/**
* Output a 'pretty print' of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CertReqParser extends ReqParser {
-
- public static final CertReqParser
- DETAIL_PARSER = new CertReqParser(true);
- public static final CertReqParser
- NODETAIL_PARSER = new CertReqParser(false);
+
+ public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
+ public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
private boolean mDetails = true;
private IPrettyPrintFormat pp = null;
@@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser {
/**
* Constructs a certificate request parser.
- *
+ *
* @param details return detailed information (this can be time consuming)
*/
public CertReqParser(boolean details) {
@@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser {
private static final String RB = "]";
private static final String EQ = " = ";
- private static final String
- HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
- private static final String
- HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
- private static final String
- AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
- private static final String
- SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
+ private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
+ private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
+ private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
+ private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
/**
* Fills in certificate specific request attributes.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
- fillX509RequestIntoArg(l, req, argSet, arg);
+ fillX509RequestIntoArg(l, req, argSet, arg);
} else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
} else {
//o = req.get(IRequest.OLD_CERTS);
//if (o != null)
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
}
}
-
+
private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
-
+ throws EBaseException {
+
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -138,13 +130,13 @@ public class CertReqParser extends ReqParser {
Enumeration<String> enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
while (enum1.hasMoreElements()) {
- String name = enum1.nextElement();
+ String name = enum1.nextElement();
if (mDetails) {
// show all http parameters stored in request.
@@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser {
Enumeration<String> elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_params.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_hdrs.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -206,19 +198,19 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
Object authTokenValue = auth_token.getInStringArray(n);
if (authTokenValue == null) {
authTokenValue = auth_token.getInString(n);
}
String v = expandValue(prefix + parami + ".value",
- authTokenValue);
+ authTokenValue);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
@@ -235,41 +227,40 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+ String parami =
+ IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+ (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCert != null && issuedCert[0] != null) {
- val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>";
+ val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>";
}
} else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
- val = "<pre>"+certInfo[0].toString()+"</pre>";
+ val = "<pre>" + certInfo[0].toString() + "</pre>";
}
}
valstr = expandValue(prefix + parami + ".value", val);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+ valstr; // java string already escaped in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -301,7 +292,7 @@ public class CertReqParser extends ReqParser {
if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
// Get the certificate info from the request
X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
// Get the subject name if any set.
@@ -332,9 +323,9 @@ public class CertReqParser extends ReqParser {
if (mDetails) {
try {
CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
- certInfo[0].get(X509CertInfo.ALGORITHM_ID);
+ certInfo[0].get(X509CertInfo.ALGORITHM_ID);
AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ certAlgId.get(CertificateAlgorithmId.ALGORITHM);
signatureAlgorithm = (algId.getOID()).toString();
signatureAlgorithmName = algId.getName();
@@ -362,36 +353,36 @@ public class CertReqParser extends ReqParser {
// only know about ns cert type
if (ext instanceof NSCertTypeExtension) {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension) ext;
+ NSCertTypeExtension nsExtensions =
+ (NSCertTypeExtension) ext;
try {
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
- nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
- nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
- nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
+ nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
+ nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
- nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
- nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
} catch (Exception e) {
}
} else if (ext instanceof BasicConstraintsExtension) {
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension) ext;
+ BasicConstraintsExtension bcExt =
+ (BasicConstraintsExtension) ext;
Integer pathLength = null;
Boolean isCA = null;
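Review bot: The `catch (Exception e) { }` after the seven `nsExtensions.get(...)` lookups is empty, so any failure, including a null returned by `get`, stops the sequence part-way and leaves only some of the `ext_` values set with no trace. Since this output describes the certificate type bits shown for a request, a silent partial result is worth at least a log line: `CMS.debug("CertReqParser: NSCertTypeExtension " + e.toString());`. If ignoring the error is intended, rename the variable to `ignored` and add a comment saying why. The enclosing method starts and ends outside the hunk.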
@@ -410,8 +401,8 @@ public class CertReqParser extends ReqParser {
IArgBlock rr = CMS.createArgBlock();
rr.addStringValue(
- EXT_PRETTYPRINT,
- CMS.getExtPrettyPrint(ext, 0).toString());
+ EXT_PRETTYPRINT,
+ CMS.getExtPrettyPrint(ext, 0).toString());
argSet.addRepeatRecord(rr);
}
}
@@ -440,9 +431,9 @@ public class CertReqParser extends ReqParser {
if (key != null) {
arg.addStringValue("subjectPublicKeyInfo",
- key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
+ key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
arg.addStringValue("subjectPublicKey",
- pp.toHexString(key.getKey(), 0, 16));
+ pp.toHexString(key.getKey(), 0, 16));
}
// Get the validity period
@@ -450,7 +441,7 @@ public class CertReqParser extends ReqParser {
try {
validity =
- (CertificateValidity)
+ (CertificateValidity)
certInfo[0].get(X509CertInfo.VALIDITY);
if (validity != null) {
long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
@@ -475,7 +466,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -483,10 +474,10 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+ (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
// Set Serial No for 2nd certificate
@@ -495,7 +486,7 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
X509CertImpl oldCert[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCert != null && oldCert.length > 0) {
arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
@@ -505,7 +496,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldCert[i].getSerialNumber(), 16);
+ oldCert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -526,7 +517,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert[i].getSerialNumber(), 16);
+ cert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
@@ -535,16 +526,16 @@ public class CertReqParser extends ReqParser {
}
}
if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
- Hashtable<String, Object> fingerprints =
- req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+ Hashtable<String, Object> fingerprints =
+ req.getExtDataInHashtable(IRequest.FINGERPRINTS);
if (fingerprints != null) {
String namesAndHashes = null;
Enumeration<String> enumFingerprints = fingerprints.keys();
- while (enumFingerprints.hasMoreElements()) {
+ while (enumFingerprints.hasMoreElements()) {
String hashname = enumFingerprints.nextElement();
- String hashvalue = (String) fingerprints.get(hashname);
+ String hashvalue = (String) fingerprints.get(hashname);
byte[] fingerprint = CMS.AtoB(hashvalue);
String ppFingerprint = pp.toHexString(fingerprint, 0);
@@ -578,7 +569,7 @@ public class CertReqParser extends ReqParser {
StringBuffer sb = new StringBuffer();
for (@SuppressWarnings("unchecked")
- Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) {
+ Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) {
sb.append(";\n");
sb.append(valuename);
sb.append(LB);
@@ -588,8 +579,8 @@ public class CertReqParser extends ReqParser {
sb.append("\"");
sb.append(
CMSTemplate.escapeJavaScriptStringHTML(
- n.nextElement().toString()));
- sb.append( "\";\n");
+ n.nextElement().toString()));
+ sb.append("\";\n");
}
sb.append("\n");
valstr = sb.toString();
@@ -599,7 +590,7 @@ public class CertReqParser extends ReqParser {
// if an array.
int len = -1;
- try {
+ try {
len = Array.getLength(v);
} catch (IllegalArgumentException e) {
}
@@ -611,7 +602,7 @@ public class CertReqParser extends ReqParser {
if (Array.get(v, i) != null)
valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
CMSTemplate.escapeJavaScriptStringHTML(
- Array.get(v, i).toString()) + "\";\n";
+ Array.get(v, i).toString()) + "\";\n";
}
return valstr;
}
@@ -620,16 +611,16 @@ public class CertReqParser extends ReqParser {
// if string or unrecognized type, just call its toString method.
return valuename + "=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
+ CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
}
public String getRequestorDN(IRequest request) {
try {
X509CertInfo info = (X509CertInfo)
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
// retrieve the subject name
CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -644,15 +635,15 @@ public class CertReqParser extends ReqParser {
String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
if (cid == null) {
- cid = "";
+ cid = "";
}
String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
if (uid == null) {
- uid = "";
+ uid = "";
}
- kid = cid+":"+uid;
+ kid = cid + ":" + uid;
if (kid.equals(":")) {
- kid = "";
+ kid = "";
}
return kid;
@@ -663,7 +654,7 @@ public class CertReqParser extends ReqParser {
}
private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -691,7 +682,7 @@ public class CertReqParser extends ReqParser {
Enumeration<String> enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
@@ -714,16 +705,16 @@ public class CertReqParser extends ReqParser {
Enumeration<String> elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_params.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -734,16 +725,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_hdrs.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -754,16 +745,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String v =
- expandValue(prefix + parami + ".value",
- auth_token.getInString(n));
+ String v =
+ expandValue(prefix + parami + ".value",
+ auth_token.getInString(n));
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
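Review bot: This AUTH_TOKEN loop passes only `auth_token.getInString(n)` to `expandValue`, while the matching loop earlier in the file first tries `auth_token.getInStringArray(n)` and falls back to `getInString`. For a token entry stored as a string array the value handed over here may be null or flattened (how `getInString` treats such entries is not visible), and the tail of `expandValue` calls `v.toString()`. I would use the same lookup in both places: `Object authTokenValue = auth_token.getInStringArray(n);` followed by `if (authTokenValue == null) authTokenValue = auth_token.getInString(n);`. The enclosing method, apparently `fillRevokeRequestIntoArg`, continues outside the hunk.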
@@ -780,25 +771,24 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+ String parami =
+ IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
valstr = expandValue(prefix + parami + ".value", val);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+ valstr; // java string already escaped in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -837,7 +827,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- revokedCert[i].getSerialNumber(), 16);
+ revokedCert[i].getSerialNumber(), 16);
CRLExtensions crlExtensions = revokedCert[i].getExtensions();
@@ -847,19 +837,19 @@ public class CertReqParser extends ReqParser {
if (ext instanceof CRLReasonExtension) {
rarg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason().toString());
}
}
} else {
rarg.addStringValue("reason",
- RevocationReason.UNSPECIFIED.toString());
+ RevocationReason.UNSPECIFIED.toString());
}
argSet.addRepeatRecord(rarg);
}
} else {
arg.addBigIntegerValue("serialNumber",
- revokedCert[0].getSerialNumber(), 16);
+ revokedCert[0].getSerialNumber(), 16);
}
}
}
@@ -873,7 +863,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -884,8 +874,8 @@ public class CertReqParser extends ReqParser {
//X509CertImpl oldCert[] =
// (X509CertImpl[])req.get(IRequest.OLD_CERTS);
Certificate oldCert[] =
- (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
+ (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
+
if (oldCert != null && oldCert.length > 0) {
if (oldCert[0] instanceof X509CertImpl) {
X509CertImpl xcert = (X509CertImpl) oldCert[0];
@@ -898,7 +888,7 @@ public class CertReqParser extends ReqParser {
xcert = (X509CertImpl) oldCert[i];
rarg.addBigIntegerValue("serialNumber",
- xcert.getSerialNumber(), 16);
+ xcert.getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -907,9 +897,9 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
- req.getRequestType().equals("getRevocationInfo")) {
- RevokedCertImpl revokedCert[] =
- req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ req.getRequestType().equals("getRevocationInfo")) {
+ RevokedCertImpl revokedCert[] =
+ req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
if (revokedCert != null && revokedCert[0] != null) {
boolean reasonFound = false;
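Review bot: The request type is compared with the string literal in `req.getRequestType().equals("getRevocationInfo")`, whereas the ISSUED_CERTS branch of the same class uses `IRequest.GETREVOCATIONINFO_REQUEST`. Assuming the constant carries that value, I would use it here too, `IRequest.GETREVOCATIONINFO_REQUEST.equals(req.getRequestType())`, which also avoids a NullPointerException should the type be unset. Keeping one spelling means a later rename of the request type cannot leave this branch silently dead. The enclosing method continues outside the hunk.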
@@ -920,7 +910,7 @@ public class CertReqParser extends ReqParser {
if (ext instanceof CRLReasonExtension) {
arg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason().toString());
reasonFound = true;
}
}
@@ -931,5 +921,5 @@ public class CertReqParser extends ReqParser {
}
}
}
-
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..001fab7f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check the status of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CheckRequest extends CMSServlet {
@@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet {
/**
* Constructs request query servlet.
*/
- public CheckRequest()
- throws EBaseException {
+ public CheckRequest()
+ throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "requestStatus.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +138,10 @@ public class CheckRequest extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param requestId ID of the request to check
- * <li>http.param format if 'id', then check the request based on
- * the request ID parameter. If set to CMC, then use the
- * 'queryPending' parameter.
+ * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use the 'queryPending' parameter.
* <li>http.param queryPending query formatted as a CMC request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -166,10 +162,10 @@ public class CheckRequest extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -187,9 +183,9 @@ public class CheckRequest extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -212,13 +208,13 @@ public class CheckRequest extends CMSServlet {
isCMCReq = true;
byte[] cmcBlob = CMS.AtoB(queryPending);
ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ new ByteArrayInputStream(cmcBlob);
org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
SignedData cmcFullReq = (SignedData)
- cii.getInterpretedContent();
-
+ cii.getInterpretedContent();
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
@@ -235,7 +231,7 @@ public class CheckRequest extends CMSServlet {
for (int i = 0; i < numControls; i++) {
// decode message.
- TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
OBJECT_IDENTIFIER type = taggedAttr.getType();
if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -246,18 +242,16 @@ public class CheckRequest extends CMSServlet {
// We only process one for now.
if (numReq > 0) {
OCTET_STRING reqId = (OCTET_STRING)
- ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(requestIds.elementAt(0)));
+ ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(requestIds.elementAt(0)));
requestId = new String(reqId.toByteArray());
}
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
transIds = taggedAttr.getValues();
- }else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
rNonces = taggedAttr.getValues();
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
sNonces = taggedAttr.getValues();
}
}
@@ -276,7 +270,7 @@ public class CheckRequest extends CMSServlet {
mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
} catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
}
if (requestId == null || requestId.trim().equals("")) {
@@ -289,34 +283,34 @@ public class CheckRequest extends CMSServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
throw new EBaseException(
CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ }
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- // if RA, requestOwner must match the group
- String group = authToken.getInString("group");
- if ((group != null) && (group != "")) {
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String requestOwner = r.getExtDataInString("requestOwner");
- if (requestOwner != null) {
- if (requestOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ // if RA, requestOwner must match the group
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")) {
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String requestOwner = r.getExtDataInString("requestOwner");
+ if (requestOwner != null) {
+ if (requestOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
+ }
}
- }
}
RequestStatus status = r.getRequestStatus();
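Review bot: The re-indented ownership check still logs and reports a `requestOwner` mismatch with `BASE_INVALID_NUMBER_FORMAT_1`, so an authorization denial looks the same in the log as a malformed request ID. Keeping the user-facing message vague may be deliberate, but the `log(...)` call should use a dedicated key (placeholder: `<REQUEST_OWNER_MISMATCH_LOG_KEY>`) so denied lookups can be audited. Separately, `group != ""` compares references rather than content. It is harmless here only because of the `equals` test that follows, and it should read `if (group != null && group.length() > 0) {`. Only the "Registration Manager Agents" group is checked against the owner; a short comment saying that other groups are intentionally exempt would help, if that is the intent.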
@@ -327,35 +321,35 @@ public class CheckRequest extends CMSServlet {
header.addStringValue(STATUS, status.toString());
header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
- if (note != null && note.length() > 0)
+ if (note != null && note.length() > 0)
header.addStringValue("requestNotes", note);
String type = r.getRequestType();
Integer result = r.getExtDataInInteger(IRequest.RESULT);
-/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
- X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
- IArgBlock rarg = CMS.createArgBlock();
+ /* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
+ X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
+ IArgBlock rarg = CMS.createArgBlock();
- rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
- argSet.addRepeatRecord(rarg);
- }
-*/
+ rarg.addBigIntegerValue("serialNumber",
+ cert.getSerialNumber(), 16);
+ argSet.addRepeatRecord(rarg);
+ }
+ */
String profileId = r.getExtDataInString("profileId");
if (profileId != null) {
- result = IRequest.RES_SUCCESS;
+ result = IRequest.RES_SUCCESS;
}
if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
- type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
- status.equals(RequestStatus.COMPLETE) && (result != null) &&
- result.equals(IRequest.RES_SUCCESS)) {
+ type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
+ status.equals(RequestStatus.COMPLETE) && (result != null) &&
+ result.equals(IRequest.RES_SUCCESS)) {
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (profileId != null) {
- X509CertImpl impl[] = new X509CertImpl[1];
- impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- o = impl;
+ X509CertImpl impl[] = new X509CertImpl[1];
+ impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ o = impl;
}
if (o != null && (o instanceof X509CertImpl[])) {
X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,11 +360,12 @@ public class CheckRequest extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
// add pkcs7 cert for importing
if (importCert || isCMCReq) {
//byte[] ba = certs[i].getEncoded();
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
if (certs[i].equals(mCACerts[ii])) {
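Review bot: The formatter split the doubled semicolon after `new X509CertImpl[1]` into an empty statement, `;`, on its own line. That empty statement does nothing and looks like a truncated line; it should be deleted rather than preserved. The commented-out `//byte[] ba = certs[i].getEncoded();` just above it is dead code and could go in the same pass.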
@@ -381,10 +376,10 @@ public class CheckRequest extends CMSServlet {
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = certs[i];
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,7 +391,7 @@ public class CheckRequest extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new netscape.security.pkcs.ContentInfo(new byte[0]),
certsInChain,
new netscape.security.pkcs.SignerInfo[0]);
@@ -407,7 +402,7 @@ public class CheckRequest extends CMSServlet {
p7Str = CMS.BtoA(p7Bytes);
- StringTokenizer tokenizer = null;
+ StringTokenizer tokenizer = null;
if (File.separator.equals("\\")) {
char[] nl = new char[2];
@@ -438,14 +433,14 @@ public class CheckRequest extends CMSServlet {
if (bodyPartId != null)
bpids.addElement(bodyPartId);
CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
+ CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
TaggedAttribute ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
cmcStatusInfo);
controlSeq.addElement(ta);
-
+
// copy transactionID, senderNonce,
// create recipientNonce
if (transIds != null) {
@@ -455,7 +450,7 @@ public class CheckRequest extends CMSServlet {
transIds);
controlSeq.addElement(ta);
}
-
+
if (sNonces != null) {
ta = new TaggedAttribute(new
INTEGER(bpid++),
@@ -463,7 +458,7 @@ public class CheckRequest extends CMSServlet {
sNonces);
controlSeq.addElement(ta);
}
-
+
String salt = CMSServlet.generateSalt();
byte[] dig;
@@ -475,41 +470,40 @@ public class CheckRequest extends CMSServlet {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_senderNonce,
new OCTET_STRING(newNonce[0].getBytes()));
controlSeq.addElement(ta);
-
+
ResponseBody rb = new ResponseBody(controlSeq, new
SEQUENCE(), new
SEQUENCE());
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
- rb);
-
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ rb);
+
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (mAuthority instanceof ICertificateAuthority) {
x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
- }else if (mAuthority instanceof IRegistrationAuthority) {
+ } else if (mAuthority instanceof IRegistrationAuthority) {
x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
}
if (x509cert == null)
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+ ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
Name issuer = (Name) Name.getTemplate().decode(issuer1);
IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+ IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
+ SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = null;
@@ -518,7 +512,7 @@ public class CheckRequest extends CMSServlet {
if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
+ else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
MessageDigest SHADigest = null;
byte[] digest = null;
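Review bot: `signAlg` is assigned only for RSA and DSA keys, so any other key type leaves it null and the failure surfaces later, in the `SignerInfo` construction shown in the next hunk. An explicit final arm would fail early with a clear message: `else throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Unsupported signing key type: " + keyType));`. Both arms also hard-code SHA-1 signatures for the CMC response, as the "SHA1 is the default digest Alg for now" comment in the previous hunk admits. If the deployed JSS version offers SHA-256 variants, the digest and signature algorithm should move together to one of those. The enclosing method starts and ends outside this hunk.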
@@ -533,44 +527,44 @@ public class CheckRequest extends CMSServlet {
} catch (NoSuchAlgorithmException ex) {
//log("digest fail");
}
-
+
org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
- org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg,
+ privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier(digestAlg.toOID(),
+ null);
digestAlgs.addElement(ai);
}
-
+
SET jsscerts = new SET();
for (int j = 0; j < certsInChain.length; j++) {
ByteArrayInputStream is = new
- ByteArrayInputStream(certsInChain[j].getEncoded());
+ ByteArrayInputStream(certsInChain[j].getEncoded());
org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
- org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+ org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
jsscerts.addElement(certJss);
}
-
+
SignedData fResponse = new
- SignedData(digestAlgs, ci,
- jsscerts, null, signInfos);
+ SignedData(digestAlgs, ci,
+ jsscerts, null, signInfos);
org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
- org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
+ org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
fullResponse.encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
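Review bot: The `catch (NoSuchAlgorithmException ex)` at the top of this hunk contains only the commented-out `//log("digest fail");`, so a missing digest provider leaves `digest` null. That null is then passed straight into the `SignerInfo` constructor that signs the response. The arm should fail explicitly, for example `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Digest algorithm not available."));`, or at least log at `ILogger.LL_FAILURE` before rethrowing. The `try` this catch belongs to begins outside the hunk.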
@@ -579,10 +573,10 @@ public class CheckRequest extends CMSServlet {
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
}
argSet.addRepeatRecord(rarg);
@@ -598,11 +592,11 @@ public class CheckRequest extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
@@ -610,10 +604,9 @@ public class CheckRequest extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
index 0e3974a1..f90e97b7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -25,13 +24,12 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
* An interface representing a request parser which
* converts Java request object into name value
* pairs and vice versa.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface IReqParser {
@@ -40,5 +38,5 @@ public interface IReqParser {
* Maps request object into argument block.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException;
+ throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
index 459aca63..b7ddc16d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.math.BigInteger;
import java.util.Locale;
@@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.key.KeyRecordParser;
-
/**
* Output a 'pretty print' of a Key Archival request
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyReqParser extends ReqParser {
@@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser {
* Fills in certificate specific request attributes.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser {
if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra");
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
if (kra != null) {
KeyRecordParser.fillRecordIntoArg(
kra.getKeyRepository().readKeyRecord(recSerialNo),
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index d19c7714..8f229a6f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
@@ -79,12 +78,11 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Agent operations on Certificate requests. This servlet is used
* by an Agent to approve, reject, reassign, or change a certificate
* request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProcessCertReq extends CMSServlet {
@@ -105,101 +103,92 @@ public class ProcessCertReq extends CMSServlet {
private boolean mExtraAgentParams = false;
// for RA only since it does not have a database.
- private final static String
- REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
- private final static String
- PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
- private final static String
- PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
- private static ICMSTemplateFiller
- REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
+ private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
+ private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
+ private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
+ private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
private String mReqCompletedTemplate = null;
- private final static String
- CERT_TYPE = "certType";
+ private final static String CERT_TYPE = "certType";
private String auditServiceID = ILogger.UNIDENTIFIED;
private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
- "caProcessCertReq";
+ "caProcessCertReq";
private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
- "raProcessCertReq";
+ "raProcessCertReq";
private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
private final static String SIGNED_AUDIT_CLONING = "clone";
private final static String SIGNED_AUDIT_REJECTION = "reject";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request cancellation: "
+ private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request cancellation: "
+ "request cannot be processed due to an "
+ "authorization failure",
-
- /* 1 */ "manual non-profile cert request cancellation: "
+
+ /* 1 */"manual non-profile cert request cancellation: "
+ "no reason has been given for cancelling this "
+ "cert request",
-
- /* 2 */ "manual non-profile cert request cancellation: "
+
+ /* 2 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request cancellation: "
+
+ /* 3 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request cancellation: "
+
+ /* 4 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request cancellation: "
+
+ /* 5 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to a NoSuchAlgorithmException"
};
- private final static String[]
- SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request rejection: "
+ "request cannot be processed due to an "
+ "authorization failure",
-
- /* 1 */ "manual non-profile cert request rejection: "
+
+ /* 1 */"manual non-profile cert request rejection: "
+ "no reason has been given for rejecting this "
+ "cert request",
-
- /* 2 */ "manual non-profile cert request rejection: "
+
+ /* 2 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request rejection: "
+
+ /* 3 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request rejection: "
+
+ /* 4 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request rejection: "
+
+ /* 5 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to a NoSuchAlgorithmException"
};
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+ "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
/**
* Process request.
*/
public ProcessCertReq()
- throws EBaseException {
+ throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "processCertReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -212,8 +201,8 @@ public class ProcessCertReq extends CMSServlet {
if (id != null) {
if (!(auditServiceID.equals(
AGENT_CA_CLONE_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
+ && !(auditServiceID.equals(
+ AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
@@ -252,25 +241,19 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
/**
* Process the HTTP request.
* <ul>
- * <li>http.param seqNum request id
- * <li>http.param notValidBefore certificate validity
- * - notBefore - in seconds since jan 1, 1970
- * <li>http.param notValidAfter certificate validity
- * - notAfter - in seconds since jan 1, 1970
- * <li>http.param subject certificate subject name
- * <li>http.param toDo requested action
- * (can be one of: clone, reject, accept, cancel)
+ * <li>http.param seqNum request id
+ * <li>http.param notValidBefore certificate validity - notBefore - in seconds since jan 1, 1970
+ * <li>http.param notValidAfter certificate validity - notAfter - in seconds since jan 1, 1970
+ * <li>http.param subject certificate subject name
+ * <li>http.param toDo requested action (can be one of: clone, reject, accept, cancel)
* <li>http.param signatureAlgorithm certificate signing algorithm
- * <li>http.param addExts base-64, DER encoded Extension or
- * SEQUENCE OF Extensions to add to certificate
- * <li>http.param pathLenConstraint integer path length constraint to
- * use in BasicConstraint extension if applicable
+ * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF Extensions to add to certificate
+ * <li>http.param pathLenConstraint integer path length constraint to use in BasicConstraint extension if applicable
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -297,15 +280,15 @@ public class ProcessCertReq extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
if (req.getParameter(SEQNUM) != null) {
CMS.debug(
- "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
+ "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
seqNum = Integer.parseInt(req.getParameter(SEQNUM));
}
String notValidBeforeStr = req.getParameter("notValidBefore");
@@ -326,7 +309,6 @@ public class ProcessCertReq extends CMSServlet {
subject = req.getParameter("subject");
signatureAlgorithm = req.getParameter("signatureAlgorithm");
-
IRequest r = null;
if (seqNum > -1) {
@@ -334,23 +316,22 @@ public class ProcessCertReq extends CMSServlet {
Integer.toString(seqNum)));
}
- if(seqNum > -1 && r != null)
- {
+ if (seqNum > -1 && r != null) {
processX509(cmsReq, argSet, header, seqNum, req, resp,
- toDo, signatureAlgorithm, subject,
- notValidBefore, notValidAfter, locale[0], startTime);
+ toDo, signatureAlgorithm, subject,
+ notValidBefore, notValidAfter, locale[0], startTime);
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum)));
error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, "Error " + e);
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -358,46 +339,43 @@ public class ProcessCertReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
-
+
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
* Process X509 certificate enrollment request and send request information
- * to the caller.
+ * to the caller.
* <P>
- *
+ *
* (Certificate Request - an "agent" cert request for "cloning")
* <P>
- *
- * (Certificate Request Processed - either a manual "agent" non-profile
- * based cert acceptance, a manual "agent" non-profile based cert
- * cancellation, or a manual "agent" non-profile based cert rejection)
+ *
+ * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent" non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @param argSet CMS template parameters
* @param header argument block
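Review bot: In the `else` branch of `process`, `String output = form.getOutput(argSet);` assigns a local that is never read, and `form.renderOutput(out, argSet)` on the following lines produces the actual response. The line should be deleted. Besides the unused variable, it presumably builds the whole template output a second time on every successful request. The equivalent branch in CheckRequest has no such call. Joining the Javadoc `<li>` and "Certificate Request Processed" text into single lines also makes them longer than any other line in the file; rewrapping them would keep the comment readable.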
@@ -405,26 +383,26 @@ public class ProcessCertReq extends CMSServlet {
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param toDo string representing the requested action (can be one of:
- * clone, reject, accept, cancel)
+ * clone, reject, accept, cancel)
* @param signatureAlgorithm string containing the signature algorithm
* @param subject string containing the subject name of the certificate
* @param notValidBefore certificate validity - notBefore - in seconds
- * since Jan 1, 1970
+ * since Jan 1, 1970
* @param notValidAfter certificate validity - notAfter - in seconds since
- * Jan 1, 1970
+ * Jan 1, 1970
* @param locale the system locale
* @param startTime the current date
* @exception EBaseException an error has occurred
*/
private void processX509(CMSRequest cmsReq,
- CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String toDo, String signatureAlgorithm,
- String subject,
- long notValidBefore, long notValidAfter,
- Locale locale, long startTime)
- throws EBaseException {
+ CMSTemplateParams argSet, IArgBlock header,
+ int seqNum, HttpServletRequest req,
+ HttpServletResponse resp,
+ String toDo, String signatureAlgorithm,
+ String subject,
+ long notValidBefore, long notValidAfter,
+ Locale locale, long startTime)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -453,7 +431,7 @@ public class ProcessCertReq extends CMSServlet {
}
}
- if (mAuthority != null)
+ if (mAuthority != null)
header.addStringValue("authorityid", mAuthority.getId());
if (toDo != null) {
@@ -466,12 +444,12 @@ public class ProcessCertReq extends CMSServlet {
mAuthzResourceName, "execute");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -546,37 +524,37 @@ public class ProcessCertReq extends CMSServlet {
int alterationCounter = 0;
for (int i = 0; i < certInfo.length; i++) {
- CertificateAlgorithmId certAlgId =
- (CertificateAlgorithmId)
- certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId certAlgId =
+ (CertificateAlgorithmId)
+ certInfo[i].get(X509CertInfo.ALGORITHM_ID);
AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ certAlgId.get(CertificateAlgorithmId.ALGORITHM);
if (!(algId.getName().equals(signatureAlgorithm))) {
alterationCounter++;
AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm);
certInfo[i].set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(newAlgId));
+ new CertificateAlgorithmId(newAlgId));
}
- CertificateSubjectName certSubject =
- (CertificateSubjectName)
- certInfo[i].get(X509CertInfo.SUBJECT);
+ CertificateSubjectName certSubject =
+ (CertificateSubjectName)
+ certInfo[i].get(X509CertInfo.SUBJECT);
- if (subject != null &&
- !(certSubject.toString().equals(subject))) {
+ if (subject != null &&
+ !(certSubject.toString().equals(subject))) {
alterationCounter++;
certInfo[i].set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(
- (new X500Name(subject))));
+ new CertificateSubjectName(
+ (new X500Name(subject))));
}
- CertificateValidity certValidity =
- (CertificateValidity)
- certInfo[i].get(X509CertInfo.VALIDITY);
+ CertificateValidity certValidity =
+ (CertificateValidity)
+ certInfo[i].get(X509CertInfo.VALIDITY);
Date currentTime = CMS.getCurrentDate();
boolean validityChanged = false;
@@ -586,26 +564,26 @@ public class ProcessCertReq extends CMSServlet {
CertificateValidity.NOT_BEFORE);
if (notBefore.getTime() == 0 ||
- notBefore.getTime() != notValidBefore) {
+ notBefore.getTime() != notValidBefore) {
Date validFrom = new Date(notValidBefore);
notBefore = (notValidBefore == 0) ? currentTime : validFrom;
certValidity.set(CertificateValidity.NOT_BEFORE,
- notBefore);
+ notBefore);
validityChanged = true;
}
}
if (notValidAfter > 0) {
Date validTo = new Date(notValidAfter);
Date notAfter = (Date)
- certValidity.get(CertificateValidity.NOT_AFTER);
+ certValidity.get(CertificateValidity.NOT_AFTER);
if (notAfter.getTime() == 0 ||
- notAfter.getTime() != notValidAfter) {
+ notAfter.getTime() != notValidAfter) {
notAfter = currentTime;
notAfter = (notValidAfter == 0) ? currentTime : validTo;
certValidity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ notAfter);
validityChanged = true;
}
}
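Review bot: In the notAfter branch, `notAfter = currentTime;` is a dead store that the next line overwrites. Because the block is guarded by `if (notValidAfter > 0)`, the ternary `(notValidAfter == 0) ? currentTime : validTo` can only yield `validTo`, so the two lines reduce to `notAfter = validTo;`. Separately, the processX509 Javadoc describes notValidBefore and notValidAfter as seconds since Jan 1, 1970, yet both are passed to `new Date(...)` and compared with `getTime()`, which work in milliseconds. Presumably the caller converts already, in which case the Javadoc should say milliseconds; this needs confirming against the caller. The enclosing loop starts and ends outside this hunk.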
@@ -618,8 +596,8 @@ public class ProcessCertReq extends CMSServlet {
if (certInfo[i].get(X509CertInfo.VERSION) == null) {
certInfo[i].set(X509CertInfo.VERSION,
- new CertificateVersion(
- CertificateVersion.V3));
+ new CertificateVersion(
+ CertificateVersion.V3));
}
CertificateExtensions extensions = null;
@@ -669,14 +647,14 @@ public class ProcessCertReq extends CMSServlet {
if (extensions != null) {
try {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension)
- extensions.get(
- NSCertTypeExtension.class.getSimpleName());
+ NSCertTypeExtension nsExtensions =
+ (NSCertTypeExtension)
+ extensions.get(
+ NSCertTypeExtension.class.getSimpleName());
if (nsExtensions != null) {
updateNSExtension(req, nsExtensions);
- }
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
}
@@ -686,20 +664,20 @@ public class ProcessCertReq extends CMSServlet {
if (pathLength != null) {
try {
int pathLen = Integer.parseInt(pathLength);
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension)
- extensions.get(
- BasicConstraintsExtension.class.getSimpleName());
+ BasicConstraintsExtension bcExt =
+ (BasicConstraintsExtension)
+ extensions.get(
+ BasicConstraintsExtension.class.getSimpleName());
if (bcExt != null) {
Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
if (bcPathLen != null &&
- bcPathLen.intValue() != pathLen &&
- isCA != null) {
+ bcPathLen.intValue() != pathLen &&
+ isCA != null) {
BasicConstraintsExtension bcExt0 =
- new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
+ new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
extensions.delete(BasicConstraintsExtension.class.getSimpleName());
extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0);
@@ -775,7 +753,7 @@ public class ProcessCertReq extends CMSServlet {
if (mExtraAgentParams) {
@SuppressWarnings("unchecked")
- Enumeration<String> extraparams = req.getParameterNames();
+ Enumeration<String> extraparams = req.getParameterNames();
int l = IRequest.AGENT_PARAMS.length() + 1;
int ap_counter = 0;
Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>();
@@ -819,100 +797,100 @@ public class ProcessCertReq extends CMSServlet {
if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.PENDING);
- if (certInfo != null) {
+ if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending" }
+ );
}
}
} else if (r.getRequestStatus().equals(
RequestStatus.APPROVED) ||
- r.getRequestStatus().equals(
- RequestStatus.SVC_PENDING)) {
+ r.getRequestStatus().equals(
+ RequestStatus.SVC_PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.SVC_PENDING);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus(),
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus()}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus() }
+ );
}
}
} else if (r.getRequestStatus().equals(
@@ -922,7 +900,7 @@ public class ProcessCertReq extends CMSServlet {
// XXX make the repeat record.
// Get the certificate(s) from the request
X509CertImpl issuedCerts[] =
- r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
// return potentially more than one certificates.
if (issuedCerts != null) {
@@ -932,24 +910,24 @@ public class ProcessCertReq extends CMSServlet {
//header.addBigIntegerValue("serialNumber",
//issuedCerts[0].getSerialNumber(),16);
for (int i = 0; i < issuedCerts.length; i++) {
- if (i != 0)
+ if (i != 0)
sbuf.append(", ");
sbuf.append("0x" +
- issuedCerts[i].getSerialNumber().toString(16));
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ issuedCerts[i].getSerialNumber().toString(16));
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[i].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+ );
// store a message in the signed audit log file
// (one for each manual "agent"
@@ -965,34 +943,34 @@ public class ProcessCertReq extends CMSServlet {
audit(auditMessage);
}
header.addStringValue(
- "serialNumber", sbuf.toString());
+ "serialNumber", sbuf.toString());
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
// store a message in the signed audit log file
@@ -1012,7 +990,7 @@ public class ProcessCertReq extends CMSServlet {
// grant trusted manager or agent privileges
Object grantError = null;
- try {
+ try {
int res = grant_privileges(
cmsReq, r, issuedCerts, header);
@@ -1043,30 +1021,29 @@ public class ProcessCertReq extends CMSServlet {
String scheme = req.getScheme();
- if (scheme.equals("http") &&
- connectionIsSSL(req)) scheme = "https";
+ if (scheme.equals("http") &&
+ connectionIsSSL(req))
+ scheme = "https";
- /*
- header.addStringValue(
- "authorityid", mAuthority.getId());
- header.addStringValue("serviceURL", scheme +"://"+
- req.getServerName() + ":"+
- req.getServerPort() +
- req.getRequestURI());
- */
+ /*
+ header.addStringValue(
+ "authorityid", mAuthority.getId());
+ header.addStringValue("serviceURL", scheme +"://"+
+ req.getServerName() + ":"+
+ req.getServerPort() +
+ req.getRequestURI());
+ */
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- r.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ r.getExtDataInIntegerArray("ldapPublishStatus");
int certsUpdated = 0;
if (ldapPublishStatus != null) {
- for (int i = 0;
- i < ldapPublishStatus.length; i++) {
- if (ldapPublishStatus[i] ==
- IRequest.RES_SUCCESS) {
+ for (int i = 0; i < ldapPublishStatus.length; i++) {
+ if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
certsUpdated++;
}
}
@@ -1082,47 +1059,47 @@ public class ProcessCertReq extends CMSServlet {
mQueue.rejectRequest(r);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected" }
+ );
}
}
@@ -1143,47 +1120,47 @@ public class ProcessCertReq extends CMSServlet {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled" }
+ );
}
}
@@ -1204,54 +1181,54 @@ public class ProcessCertReq extends CMSServlet {
IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
header.addStringValue("clonedRequestId",
- clonedRequest.getRequestId().toString());
+ clonedRequest.getRequestId().toString());
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString(),
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString()}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString() }
+ );
}
}
@@ -1270,11 +1247,11 @@ public class ProcessCertReq extends CMSServlet {
}
// add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
header.addIntegerValue("seqNum", seqNum);
@@ -1389,7 +1366,7 @@ public class ProcessCertReq extends CMSServlet {
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
@@ -1443,7 +1420,7 @@ public class ProcessCertReq extends CMSServlet {
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (NoSuchAlgorithmException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
@@ -1500,9 +1477,9 @@ public class ProcessCertReq extends CMSServlet {
}
return;
}
-
- private void updateNSExtension(HttpServletRequest req,
- NSCertTypeExtension ext) throws IOException {
+
+ private void updateNSExtension(HttpServletRequest req,
+ NSCertTypeExtension ext) throws IOException {
try {
if (req.getParameter("certTypeSSLServer") == null) {
@@ -1562,95 +1539,91 @@ public class ProcessCertReq extends CMSServlet {
private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
int nChanges = 0;
- if (req.getParameter("certTypeSSLServer") != null) {
- r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLServer") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLClient") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLClient") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmail") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmail") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigning") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigning") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmailCA") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmailCA") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLCA") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLCA") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigningCA") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigningCA") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
+ nChanges++;
+ }
return nChanges;
}
-
+
protected static final String GRANT_ERROR = "grantError";
- public static final String
- GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
- public static final String
- GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
- public static final String
- GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
- public static final String
- GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
+ public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
+ public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
+ public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
+ public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
public static final String GRANT_UID = "grantUID";
public static final String GRANT_PRIVILEGE = "grantPrivilege";
protected int grant_privileges(
- CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
- throws EBaseException {
+ CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
+ throws EBaseException {
// get privileges to grant
IArgBlock httpParams = cmsReq.getHttpParams();
- boolean grantTrustedMgr =
- httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
- boolean grantRMAgent =
- httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
- boolean grantCMAgent =
- httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
- boolean grantDRMAgent =
- httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
- if (!grantTrustedMgr &&
- !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
+ boolean grantTrustedMgr =
+ httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
+ boolean grantRMAgent =
+ httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
+ boolean grantCMAgent =
+ httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
+ boolean grantDRMAgent =
+ httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
+
+ if (!grantTrustedMgr &&
+ !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
return 0;
} else {
IAuthToken authToken = getAuthToken(req);
@@ -1669,7 +1642,7 @@ public class ProcessCertReq extends CMSServlet {
if (grantTrustedMgr)
obj[0] = TRUSTED_RA_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
obj[0] = RA_AGENT_GROUP;
else if (grantCMAgent)
obj[0] = CA_AGENT_GROUP;
@@ -1696,22 +1669,22 @@ public class ProcessCertReq extends CMSServlet {
groupname = TRUSTED_RA_GROUP;
userType = Constants.PR_SUBSYSTEM_TYPE;
} else {
- if (grantCMAgent)
+ if (grantCMAgent)
groupname = CA_AGENT_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
groupname = RA_AGENT_GROUP;
if (grantDRMAgent) {
- if (groupname != null)
+ if (groupname != null)
groupname1 = KRA_AGENT_GROUP;
- else
+ else
groupname = KRA_AGENT_GROUP;
}
userType = Constants.PR_AGENT_TYPE;
}
- String privilege =
- (groupname1 == null) ? groupname : groupname + " and " + groupname1;
+ String privilege =
+ (groupname1 == null) ? groupname : groupname + " and " + groupname1;
header.addStringValue(GRANT_PRIVILEGE, privilege);
@@ -1727,23 +1700,23 @@ public class ProcessCertReq extends CMSServlet {
IGroup group = ug.findGroup(groupname), group1 = null;
if (group == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
}
if (groupname1 != null) {
group1 = ug.findGroup(groupname1);
if (group1 == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
}
}
try {
ug.addUser(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
}
try {
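Review bot: When `ug.findGroup(groupname1)` returns null, the failure log is built from `groupname` rather than `groupname1`. The log therefore names a group that was found, while the thrown ECMSGWException names the one that is missing. The log call should read `CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname1));`. In the same hunk, the `catch (Exception e)` around `ug.addUser(user)` logs only the uid and discards `e`, so a failed privilege grant leaves no cause in the log; logging `e.toString()` alongside would keep that trail. grant_privileges starts and ends outside this hunk.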
@@ -1752,11 +1725,11 @@ public class ProcessCertReq extends CMSServlet {
user.setX509Certificates(tmp);
}
-
+
ug.addUserCert(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
}
try {
@@ -1765,44 +1738,44 @@ public class ProcessCertReq extends CMSServlet {
// for audit log
SessionContext sContext = SessionContext.getContext();
String adminId = (String) sContext.get(SessionContext.USER_ID);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, uid, groupname }
+ );
if (group1 != null) {
group1.addMemberName(uid);
ug.modifyGroup(group1);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname1}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, uid, groupname1 }
+ );
}
} catch (Exception e) {
- String msg =
- "Could not add user " + uid + " to group " + groupname;
+ String msg =
+ "Could not add user " + uid + " to group " + groupname;
if (group1 != null)
msg += " or group " + groupname1;
log(ILogger.LL_FAILURE, msg);
- if (group1 == null)
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
- else
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
+ if (group1 == null)
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
+ else
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
}
return 1;
}
/**
* Signed Audit Log Info Name
- *
+ *
* This method is called to obtain the "InfoName" for
* a signed audit log message.
* <P>
- *
+ *
* @param type signed audit log request processing type
* @return id string containing the signed audit log message InfoName
*/
@@ -1833,11 +1806,11 @@ public class ProcessCertReq extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1891,38 +1864,38 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
class RAReqCompletedFiller extends ImportCertsTemplateFiller {
private static final String RA_AGENT_GROUP = "Registration Manager Agents";
private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
+
public RAReqCompletedFiller() {
super();
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
Object[] results = (Object[]) cmsReq.getResult();
Object grantError = results[1];
//X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
Certificate[] issuedCerts = (Certificate[]) results[0];
-
+
cmsReq.setResult(issuedCerts);
- CMSTemplateParams params =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ CMSTemplateParams params =
+ super.getTemplateParams(cmsReq, authority, locale, e);
if (grantError != null) {
IArgBlock header = params.getHeader();
if (grantError instanceof String) {
header.addStringValue(
- ProcessCertReq.GRANT_ERROR, (String) grantError);
+ ProcessCertReq.GRANT_ERROR, (String) grantError);
} else {
EBaseException ex = (EBaseException) grantError;
header.addStringValue(
- ProcessCertReq.GRANT_ERROR, ex.toString(locale));
+ ProcessCertReq.GRANT_ERROR, ex.toString(locale));
}
IArgBlock httpParams = cmsReq.getHttpParams();
String uid = httpParams.getValueAsString(
@@ -1941,7 +1914,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
if (grantDRMAgent) {
if (privilege != null)
privilege += " and " + KRA_AGENT_GROUP;
- else
+ else
privilege = KRA_AGENT_GROUP;
}
header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
@@ -1949,4 +1922,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
index 0ac27197..78f047d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Locale;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display Generic Request detail to the user.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProcessReq extends CMSServlet {
@@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet {
private IReqParser mParser = null;
private String[] mSigningAlgorithms = null;
- private static String[] DEF_SIGNING_ALGORITHMS = new String[]
- {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"};
+ private static String[] DEF_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" };
/**
* Process request.
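Review bot: `DEF_SIGNING_ALGORITHMS` still lists `MD5withRSA` and `MD2withRSA` among the default signing algorithms, and both digests are collision-broken and unsuitable for certificate signatures. The field is also a non-final static array, so any code in the class can reassign or mutate the defaults. How the array is consumed is outside this hunk and needs confirming, but the minimal change would be `private static final String[] DEF_SIGNING_ALGORITHMS = { "SHA256withRSA", "SHA512withRSA", "SHA1withRSA", "SHA1withDSA" };`. The SHA-1 entries are kept there only for compatibility and are worth revisiting as well.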
@@ -90,11 +88,12 @@ public class ProcessReq extends CMSServlet {
* The initialization parameter 'parser' is read from the
* servlet configration, and is used to set the type of request.
* The value of this parameter can be:
- * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
- * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
- * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
- * </UL>
- *
+ * <UL>
+ * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
+ * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
+ * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
+ * </UL>
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
// override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
mTemplates.remove(CMSRequest.ERROR);
- if (mOutputTemplatePath != null)
+ if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
@@ -125,10 +124,9 @@ public class ProcessReq extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param seqNum
- * <li>http.param doAssign reassign request. Value can be reassignToMe
- * reassignToNobody
+ * <li>http.param doAssign reassign request. Value can be reassignToMe reassignToNobody
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting template " + mFormPath + " Error " + e);
+ log(ILogger.LL_FAILURE,
+ "Error getting template " + mFormPath + " Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet {
if (doAssign == null) {
authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "read");
- } else if (doAssign.equals("toMe") ||
- doAssign.equals("reassignToMe")) {
+ } else if (doAssign.equals("toMe") ||
+ doAssign.equals("reassignToMe")) {
authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "assign");
} else if (doAssign.equals("reassignToNobody")) {
@@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet {
}
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet {
return;
}
- process(argSet, header, seqNum, req, resp,
- doAssign, locale[0]);
+ process(argSet, header, seqNum, req, resp,
+ doAssign, locale[0]);
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setError(error);
cmsReq.setStatus(CMSRequest.ERROR);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting servlet output stream for rendering template. " +
- "Error " + e);
+ log(ILogger.LL_FAILURE,
+ "Error getting servlet output stream for rendering template. " +
+ "Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
- * Sends request information to the calller.
+ * Sends request information to the calller.
* returns whether there was an error or not.
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String doAssign, Locale locale)
- throws EBaseException {
+ int seqNum, HttpServletRequest req,
+ HttpServletResponse resp,
+ String doAssign, Locale locale)
+ throws EBaseException {
header.addIntegerValue("seqNum", seqNum);
- IRequest r =
- mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
+ IRequest r =
+ mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
if (r != null) {
if (doAssign != null) {
if ((doAssign.equals("toMe"))
- || (doAssign.equals("reassignToMe"))) {
+ || (doAssign.equals("reassignToMe"))) {
SessionContext ctx = SessionContext.getContext();
String id = (String) ctx.get(SessionContext.USER_ID);
@@ -265,14 +263,14 @@ public class ProcessReq extends CMSServlet {
}
// add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
- // DONT NEED TO DO THIS FOR DRM
+ // DONT NEED TO DO THIS FOR DRM
if (mAuthority instanceof ICertAuthority) {
// Check/set signing algorithms dynamically.
// In RA mSigningAlgorithms could be null at startup if CA is not
@@ -281,15 +279,15 @@ public class ProcessReq extends CMSServlet {
String[] allAlgorithms = mSigningAlgorithms;
if (allAlgorithms == null) {
- allAlgorithms = mSigningAlgorithms =
+ allAlgorithms = mSigningAlgorithms =
((ICertAuthority) mAuthority).getCASigningAlgorithms();
if (allAlgorithms == null) {
CMS.debug(
- "ProcessReq: signing algorithms set to All algorithms");
+ "ProcessReq: signing algorithms set to All algorithms");
allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
- } else
+ } else
CMS.debug(
- "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
+ "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
}
String validAlgorithms = null;
StringBuffer sb = new StringBuffer();
@@ -310,10 +308,10 @@ public class ProcessReq extends CMSServlet {
if (signingAlgorithm != null)
header.addStringValue("caSigningAlgorithm", signingAlgorithm);
header.addLongValue("defaultValidityLength",
- ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
} else if (mAuthority instanceof IRegistrationAuthority) {
header.addLongValue("defaultValidityLength",
- ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
}
X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
@@ -328,8 +326,8 @@ public class ProcessReq extends CMSServlet {
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index 036bd5d0..3a12819f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show paged list of requests matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class QueryReq extends CMSServlet {
@@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet {
private final static String IN_SHOW_ALL = "showAll";
private final static String IN_SHOW_WAITING = "showWaiting";
private final static String IN_SHOW_IN_SERVICE = "showInService";
- private final static String IN_SHOW_PENDING= "showPending";
+ private final static String IN_SHOW_PENDING = "showPending";
private final static String IN_SHOW_CANCELLED = "showCancelled";
private final static String IN_SHOW_REJECTED = "showRejected";
private final static String IN_SHOW_COMPLETED = "showCompleted";
@@ -94,8 +92,8 @@ public class QueryReq extends CMSServlet {
private final static String OUT_COMMENTS = "requestorComments";
private final static String OUT_SERIALNO = "serialNumber";
private final static String OUT_OWNER_NAME = "ownerName";
- private final static String OUT_PUBLIC_KEY_INFO =
- "subjectPublicKeyInfo";
+ private final static String OUT_PUBLIC_KEY_INFO =
+ "subjectPublicKeyInfo";
private final static String OUT_ERROR = "error";
private final static String OUT_AUTHORITY_ID = "authorityid";
@@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -142,7 +140,7 @@ public class QueryReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
// override success and error templates to null -
// handle templates locally.
@@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet {
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
-
+
private String getRequestType(String p) {
String filter = "(requestType=*)";
@@ -212,348 +210,338 @@ public class QueryReq extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param reqState request state
- * (one of showAll, showWaiting, showInService,
- * showCancelled, showRejected, showCompleted)
+ * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected, showCompleted)
* <li>http.param reqType
- * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if
- * when paging down
- * seqNumFromDown starts with 0x)
- * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if
- * when paging up
- * seqNumFromUp starts with 0x)
+ * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts with 0x)
+ * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with 0x)
* <li>http.param maxCount maximum number of records to show
* <li>http.param totalCount total number of records in set of pages
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- CMS.debug("in QueryReq servlet");
-
- // Authentication / Authorization
-
- HttpServletRequest req = cmsReq.getHttpReq();
- IAuthToken authToken = authenticate(cmsReq);
- AuthzToken authzToken = null;
-
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
-
-
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- try {
- // if get a EBaseException we just throw it.
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-
- /**
- * WARNING:
- *
- * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
- *
- **/
- String filter = null;
- String reqState = req.getParameter("reqState");
- String reqType = req.getParameter("reqType");
-
- if (reqState == null || reqType == null) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL) &&
- reqType.equals(IN_SHOW_ALL)) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL)) {
- filter = getRequestType(reqType);
- } else if (reqType.equals(IN_SHOW_ALL)) {
- filter = getRequestState(reqState);
- } else {
- filter = "(&" + getRequestState(reqState) +
- getRequestType(reqType) + ")";
- }
-
- String direction = "begin";
- if (req.getParameter("direction") != null) {
- direction = req.getParameter("direction").trim();
- }
-
-
- int top=0, bottom=0;
-
- try {
- String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
- if (top_s == null) top_s = "0";
-
- String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
- if (bottom_s == null) bottom_s = "0";
-
- if (top_s.trim().startsWith("0x")) {
- top = Integer.parseInt(top_s.trim().substring(2), 16);
- } else {
- top = Integer.parseInt(top_s.trim());
- }
- if (bottom_s.trim().startsWith("0x")) {
- bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
- } else {
- bottom = Integer.parseInt(bottom_s.trim());
- }
-
- } catch (NumberFormatException e) {
-
- }
-
- // avoid NumberFormatException to the user interface
- int maxCount = 10;
- try {
- maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
- } catch (Exception e) {
- }
+ CMS.debug("in QueryReq servlet");
+
+ // Authentication / Authorization
+
+ HttpServletRequest req = cmsReq.getHttpReq();
+ IAuthToken authToken = authenticate(cmsReq);
+ AuthzToken authzToken = null;
+
+ try {
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "list");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ try {
+ // if get a EBaseException we just throw it.
+ form = getTemplate(mFormPath, req, locale);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+
+ /**
+ * WARNING:
+ *
+ * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
+ *
+ **/
+ String filter = null;
+ String reqState = req.getParameter("reqState");
+ String reqType = req.getParameter("reqType");
+
+ if (reqState == null || reqType == null) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL) &&
+ reqType.equals(IN_SHOW_ALL)) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL)) {
+ filter = getRequestType(reqType);
+ } else if (reqType.equals(IN_SHOW_ALL)) {
+ filter = getRequestState(reqState);
+ } else {
+ filter = "(&" + getRequestState(reqState) +
+ getRequestType(reqType) + ")";
+ }
+
+ String direction = "begin";
+ if (req.getParameter("direction") != null) {
+ direction = req.getParameter("direction").trim();
+ }
+
+ int top = 0, bottom = 0;
+
+ try {
+ String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
+ if (top_s == null)
+ top_s = "0";
+
+ String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
+ if (bottom_s == null)
+ bottom_s = "0";
+
+ if (top_s.trim().startsWith("0x")) {
+ top = Integer.parseInt(top_s.trim().substring(2), 16);
+ } else {
+ top = Integer.parseInt(top_s.trim());
+ }
+ if (bottom_s.trim().startsWith("0x")) {
+ bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
+ } else {
+ bottom = Integer.parseInt(bottom_s.trim());
+ }
+
+ } catch (NumberFormatException e) {
+
+ }
+
+ // avoid NumberFormatException to the user interface
+ int maxCount = 10;
+ try {
+ maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
+ } catch (Exception e) {
+ }
if (maxCount > mMaxReturns) {
CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
maxCount = mMaxReturns;
}
- HttpServletResponse resp = cmsReq.getHttpResp();
- CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom );
-
-
- argset.getFixed().addStringValue("reqType",reqType);
+ HttpServletResponse resp = cmsReq.getHttpResp();
+ CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom);
+
+ argset.getFixed().addStringValue("reqType", reqType);
argset.getFixed().addStringValue("reqState", reqState);
- argset.getFixed().addIntegerValue("maxCount",maxCount);
-
-
- try {
- form.getOutput(argset);
- resp.setContentType("text/html");
- form.renderOutput(resp.getOutputStream(), argset);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
- cmsReq.setStatus(CMSRequest.SUCCESS);
- return;
+ argset.getFixed().addIntegerValue("maxCount", maxCount);
+
+ try {
+ form.getOutput(argset);
+ resp.setContentType("text/html");
+ form.renderOutput(resp.getOutputStream(), argset);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ return;
}
/**
* Perform search based on direction button pressed
+ *
* @param filter ldap filter indicating which VLV to search through. This can be
- * 'all requests', 'pending', etc
+ * 'all requests', 'pending', etc
* @param count the number of requests to show per page
* @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
- * @param top the number of the request shown on at the top of the current page
+ * @param top the number of the request shown on at the top of the current page
* @param bottom the number of the request shown on at the bottom of the current page
- * @return
+ * @return
*/
-
+
private CMSTemplateParams doSearch(Locale l, String filter,
- int count, String direction, int top, int bottom)
- {
- CMSTemplateParams ctp = null;
- if (direction.equals("previous")) {
- ctp = doSearch(l, filter, -count, top-1);
- } else if (direction.equals("next")) {
- ctp = doSearch(l,filter, count, bottom+1);
- } else if (direction.equals("begin")) {
- ctp = doSearch(l,filter, count, 0);
- } else if (direction.equals("first")) {
- ctp = doSearch(l,filter, count, bottom);
- } else { // if 'direction is 'end', default here
- ctp = doSearch(l,filter, -count, -1);
- }
- return ctp;
+ int count, String direction, int top, int bottom) {
+ CMSTemplateParams ctp = null;
+ if (direction.equals("previous")) {
+ ctp = doSearch(l, filter, -count, top - 1);
+ } else if (direction.equals("next")) {
+ ctp = doSearch(l, filter, count, bottom + 1);
+ } else if (direction.equals("begin")) {
+ ctp = doSearch(l, filter, count, 0);
+ } else if (direction.equals("first")) {
+ ctp = doSearch(l, filter, count, bottom);
+ } else { // if 'direction is 'end', default here
+ ctp = doSearch(l, filter, -count, -1);
+ }
+ return ctp;
}
-
-
-
- /**
- *
- * @param locale
- * @param filter the types of requests to return - this must match the VLV index
- * @param count maximum number of records to return
- * @param marker indication of the request ID where the page is anchored
- * @return
- */
+
+ /**
+ *
+ * @param locale
+ * @param filter the types of requests to return - this must match the VLV index
+ * @param count maximum number of records to return
+ * @param marker indication of the request ID where the page is anchored
+ * @return
+ */
private CMSTemplateParams doSearch(
- Locale locale,
- String filter,
- int count,
- int marker) {
-
- IArgBlock header = CMS.createArgBlock();
- IArgBlock context = CMS.createArgBlock();
- CMSTemplateParams argset = new CMSTemplateParams(header, context);
-
- try {
- long startTime = CMS.getCurrentDate().getTime();
- // preserve the type of request that we are
- // requesting.
-
- header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
- header.addStringValue(OUT_REQUESTING_USER, "admin");
-
-
- boolean jumptoend = false;
- if (marker == -1) {
- marker = 0; // I think this is inconsequential
- jumptoend = true; // override to '99' during search
- }
-
- RequestId id = new RequestId(Integer.toString(marker));
- IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
- id,
- jumptoend,
- filter,
- count+1,
- "requestId");
-
- int totalCount = list.getSize() - list.getCurrentIndex();
- header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
- header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-
- int numEntries = list.getSize() - list.getCurrentIndex();
-
- Vector v = fetchRecords(list,Math.abs(count));
- v = normalizeOrder(v);
- trim(v,id);
-
-
- int currentCount = 0;
- int curNum = 0;
- int firstNum = -1;
- Enumeration requests = v.elements();
-
- while (requests.hasMoreElements()) {
- IRequest request = null;
- try {
- request = (IRequest) requests.nextElement();
- } catch (Exception e) {
- CMS.debug("Error displaying request:"+e.getMessage());
- // handled below
- }
- if (request == null) {
- log(ILogger.LL_WARN, "Error display request on page");
- continue;
- }
-
- curNum = Integer.parseInt(
- request.getRequestId().toString());
-
- if (firstNum == -1) {
- firstNum = curNum;
- }
-
- IArgBlock rec = CMS.createArgBlock();
- mParser.fillRequestIntoArg(locale, request, argset, rec);
- mQueue.releaseRequest(request);
- argset.addRepeatRecord(rec);
-
- currentCount++;
-
- }// while
- long endTime = CMS.getCurrentDate().getTime();
-
- header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
- header.addStringValue("time", Long.toString(endTime - startTime));
- header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
- header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
-
- } catch (EBaseException e) {
- header.addStringValue(OUT_ERROR, e.toString(locale));
- } catch (Exception e) {
- }
- return argset;
-
+ Locale locale,
+ String filter,
+ int count,
+ int marker) {
+
+ IArgBlock header = CMS.createArgBlock();
+ IArgBlock context = CMS.createArgBlock();
+ CMSTemplateParams argset = new CMSTemplateParams(header, context);
+
+ try {
+ long startTime = CMS.getCurrentDate().getTime();
+ // preserve the type of request that we are
+ // requesting.
+
+ header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
+ header.addStringValue(OUT_REQUESTING_USER, "admin");
+
+ boolean jumptoend = false;
+ if (marker == -1) {
+ marker = 0; // I think this is inconsequential
+ jumptoend = true; // override to '99' during search
+ }
+
+ RequestId id = new RequestId(Integer.toString(marker));
+ IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
+ id,
+ jumptoend,
+ filter,
+ count + 1,
+ "requestId");
+
+ int totalCount = list.getSize() - list.getCurrentIndex();
+ header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
+ header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
+
+ int numEntries = list.getSize() - list.getCurrentIndex();
+
+ Vector v = fetchRecords(list, Math.abs(count));
+ v = normalizeOrder(v);
+ trim(v, id);
+
+ int currentCount = 0;
+ int curNum = 0;
+ int firstNum = -1;
+ Enumeration requests = v.elements();
+
+ while (requests.hasMoreElements()) {
+ IRequest request = null;
+ try {
+ request = (IRequest) requests.nextElement();
+ } catch (Exception e) {
+ CMS.debug("Error displaying request:" + e.getMessage());
+ // handled below
+ }
+ if (request == null) {
+ log(ILogger.LL_WARN, "Error display request on page");
+ continue;
+ }
+
+ curNum = Integer.parseInt(
+ request.getRequestId().toString());
+
+ if (firstNum == -1) {
+ firstNum = curNum;
+ }
+
+ IArgBlock rec = CMS.createArgBlock();
+ mParser.fillRequestIntoArg(locale, request, argset, rec);
+ mQueue.releaseRequest(request);
+ argset.addRepeatRecord(rec);
+
+ currentCount++;
+
+ }// while
+ long endTime = CMS.getCurrentDate().getTime();
+
+ header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
+ header.addStringValue("time", Long.toString(endTime - startTime));
+ header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
+ header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
+
+ } catch (EBaseException e) {
+ header.addStringValue(OUT_ERROR, e.toString(locale));
+ } catch (Exception e) {
+ }
+ return argset;
+
}
/**
* If the vector contains the marker element at the end, remove it.
- * @param v The vector to trim
- * @param marker the marker to look for.
+ *
+ * @param v The vector to trim
+ * @param marker the marker to look for.
+ */
+ private void trim(Vector v, RequestId marker) {
+ int i = v.size() - 1;
+ if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) {
+ v.remove(i);
+ }
+
+ }
+
+ /**
+ * Sometimes the list comes back from LDAP in reverse order. This function makes
+ * sure the results are in 'forward' order.
+ *
+ * @param list
+ * @return
*/
- private void trim(Vector v, RequestId marker) {
- int i = v.size()-1;
- if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) {
- v.remove(i);
- }
-
- }
-
- /**
- * Sometimes the list comes back from LDAP in reverse order. This function makes
- * sure the results are in 'forward' order.
- * @param list
- * @return
- */
private Vector fetchRecords(IRequestVirtualList list, int maxCount) {
-
- Vector v = new Vector();
- int count = list.getSize();
- int c=0;
- for (int i=0; i<count; i++) {
- IRequest request = list.getElementAt(i);
- if (request != null) {
- v.add(request);
- c++;
- }
- if (c >= maxCount) break;
- }
-
- return v;
+
+ Vector v = new Vector();
+ int count = list.getSize();
+ int c = 0;
+ for (int i = 0; i < count; i++) {
+ IRequest request = list.getElementAt(i);
+ if (request != null) {
+ v.add(request);
+ c++;
+ }
+ if (c >= maxCount)
+ break;
+ }
+
+ return v;
}
/**
* If the requests are in backwards order, reverse the list
+ *
* @param list
* @return
*/
private Vector normalizeOrder(Vector list) {
-
- int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
- .getRequestId().toString());
- int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
- .size() - 1)).getRequestId().toString());
- boolean reverse = false;
- if (firstrequestnum > lastrequestnum) {
- reverse = true; // if the order is backwards, place items at the beginning
- }
- Vector v = new Vector();
- int count = list.size();
- for (int i = 0; i < count; i++) {
- Object request = list.elementAt(i);
- if (request != null) {
- if (reverse)
- v.add(0, request);
- else
- v.add(request);
- }
- }
-
- return v;
+
+ int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
+ .getRequestId().toString());
+ int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
+ .size() - 1)).getRequestId().toString());
+ boolean reverse = false;
+ if (firstrequestnum > lastrequestnum) {
+ reverse = true; // if the order is backwards, place items at the beginning
+ }
+ Vector v = new Vector();
+ int count = list.size();
+ for (int i = 0; i < count; i++) {
+ Object request = list.elementAt(i);
+ if (request != null) {
+ if (reverse)
+ v.add(0, request);
+ else
+ v.add(request);
+ }
+ }
+
+ return v;
}
}
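Review bot: In `process`, `maxCount` comes straight from the `IN_MAXCOUNT` request parameter and is only capped from above by `if (maxCount > mMaxReturns)`, so zero or negative values reach `doSearch`, where the sign of `count` selects the paging direction and `count + 1` is handed to `getPagedRequestsByFilter`. A lower bound next to the existing cap would close that, e.g. `if (maxCount <= 0) maxCount = 10;`. Separately, `normalizeOrder` and `trim` call `elementAt(0)` and `elementAt(v.size() - 1)` without checking for an empty vector, and the resulting exception is swallowed by the empty `catch (Exception e) { }` in `doSearch`, so the page is rendered with no `OUT_ERROR` set and nothing logged. An `if (v.isEmpty())` guard plus a `log(ILogger.LL_FAILURE, ...)` call in that catch would make the failure visible. `reqState` and `reqType` are also request parameters that end up in the LDAP filter through `getRequestState`/`getRequestType`, whose bodies are outside this hunk, so it is worth confirming they map to fixed filter strings and do not concatenate the raw value.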
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
index 29414ca5..00f95ec2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
* A class representing a request parser.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ReqParser implements IReqParser {
@@ -51,29 +49,30 @@ public class ReqParser implements IReqParser {
* Maps request object into argument block.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
arg.addStringValue(TYPE, req.getRequestType());
- arg.addLongValue("seqNum",
- Long.parseLong(req.getRequestId().toString()));
- arg.addStringValue(STATUS,
- req.getRequestStatus().toString());
- arg.addLongValue(CREATE_ON,
- req.getCreationTime().getTime() / 1000);
- arg.addLongValue(UPDATE_ON,
- req.getModificationTime().getTime() / 1000);
+ arg.addLongValue("seqNum",
+ Long.parseLong(req.getRequestId().toString()));
+ arg.addStringValue(STATUS,
+ req.getRequestStatus().toString());
+ arg.addLongValue(CREATE_ON,
+ req.getCreationTime().getTime() / 1000);
+ arg.addLongValue(UPDATE_ON,
+ req.getModificationTime().getTime() / 1000);
String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
- if (updatedBy == null) updatedBy = "";
+ if (updatedBy == null)
+ updatedBy = "";
arg.addStringValue(UPDATE_BY, updatedBy);
SessionContext ctx = SessionContext.getContext();
- String id = (String) ctx.get(SessionContext.USER_ID);
+ String id = (String) ctx.get(SessionContext.USER_ID);
arg.addStringValue("callerName", id);
-
+
String owner = req.getRequestOwner();
- if (owner != null)
+ if (owner != null)
arg.addStringValue("assignedTo", owner);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440..5fc05bb2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses queryReq.template
- * to render the response
+ * initialize the servlet. This servlet uses queryReq.template
+ * to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -154,10 +153,10 @@ public class SearchReqs extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert?
+ * [maxCount=<number>]
+ * [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -172,10 +171,10 @@ public class SearchReqs extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -215,10 +214,10 @@ public class SearchReqs extends CMSServlet {
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
- maxResults, timeLimit, req, resp, locale[0]);
+ maxResults, timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -229,33 +228,33 @@ public class SearchReqs extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, IAuthToken token,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, IAuthToken token,
+ int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -272,12 +271,12 @@ public class SearchReqs extends CMSServlet {
} else {
if (owner.equals("self")) {
String self_uid = token.getInString(IAuthToken.USER_ID);
- requestowner_filter = "(requestowner="+self_uid+")";
+ requestowner_filter = "(requestowner=" + self_uid + ")";
} else {
String uid = req.getParameter("uid");
- requestowner_filter = "(requestowner="+uid+")";
+ requestowner_filter = "(requestowner=" + uid + ")";
}
- newfilter = "(&"+requestowner_filter+filter.substring(2);
+ newfilter = "(&" + requestowner_filter + filter.substring(2);
}
// xxx the filter includes serial number range???
if (maxResults == -1 || maxResults > mMaxReturns) {
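Review bot: The reformatted line `requestowner_filter = "(requestowner=" + uid + ")";` concatenates the raw `uid` request parameter into what looks like an LDAP-style search filter, so metacharacters in it (`(`, `)`, `*`, `\`) alter the query passed to `listRequestsByFilter` instead of being matched literally. Escape the value per RFC 4515 before concatenating, or reject any `uid` outside the expected user-id character set; the same applies to `self_uid` if token values can contain those characters. Until that is done, a comment such as `// uid is client-supplied: escape RFC 4515 metacharacters before building the filter` would mark the spot. `filter.substring(2)` also assumes the supplied filter begins with `(&`, which the visible lines do not check. The body of `process` starts and ends outside this hunk.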
@@ -289,8 +288,8 @@ public class SearchReqs extends CMSServlet {
timeLimit = mTimeLimits;
}
IRequestList list = (timeLimit > 0) ?
- mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
- mQueue.listRequestsByFilter(newfilter, maxResults);
+ mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
+ mQueue.listRequestsByFilter(newfilter, maxResults);
int count = 0;
@@ -323,7 +322,8 @@ public class SearchReqs extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index ca785565..3a6dda64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -50,14 +50,12 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.symkey.SessionKey;
-
-
/**
* A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve
- * tks administrative operation such as configuration
+ * Service Authority. This servlet is responsible to serve
+ * tks administrative operation such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class TokenServlet extends CMSServlet {
@@ -66,66 +64,53 @@ public class TokenServlet extends CMSServlet {
*/
private static final long serialVersionUID = 8687436109695172791L;
protected static final String PROP_ENABLED = "enabled";
- protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+ protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
private final static String INFO = "TokenServlet";
public static int ERROR = 1;
private ITKSAuthority mTKS = null;
private String mSelectedToken = null;
private String mNewSelectedToken = null;
String mKeyNickName = null;
- String mNewKeyNickName = null;
+ String mNewKeyNickName = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
/**
* Constructs tks servlet.
@@ -135,14 +120,13 @@ public class TokenServlet extends CMSServlet {
}
- public static String trim(String a)
- {
- StringBuffer newa = new StringBuffer();
+ public static String trim(String a) {
+ StringBuffer newa = new StringBuffer();
StringTokenizer tokens = new StringTokenizer(a, "\n");
- while (tokens.hasMoreTokens()) {
- newa.append(tokens.nextToken());
- }
- return newa.toString();
+ while (tokens.hasMoreTokens()) {
+ newa.append(tokens.nextToken());
+ }
+ return newa.toString();
}
public void init(ServletConfig config) throws ServletException {
@@ -151,18 +135,19 @@ public class TokenServlet extends CMSServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
- * Process the HTTP request.
- *
+
+ /**
+ * Process the HTTP request.
+ *
* @param s The URL to decode.
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -182,62 +167,59 @@ public class TokenServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
+
+ private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+ try {
- private void setDefaultSlotAndKeyName(HttpServletRequest req)
- {
- try {
+ String keySet = req.getParameter("keySet");
+ if (keySet == null || keySet.equals("")) {
+ keySet = "defKeySet";
+ }
+ CMS.debug("keySet selected: " + keySet);
- String keySet = req.getParameter("keySet");
- if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
- }
- CMS.debug("keySet selected: " + keySet);
+ mNewSelectedToken = null;
- mNewSelectedToken = null;
-
- mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
- String temp = req.getParameter("KeyInfo"); //#xx#xx
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if(mappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
-
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mSelectedToken = currentToken;
- else if(tokenNumber==1)
- mKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+ String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+ String temp = req.getParameter("KeyInfo"); //#xx#xx
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ if (mappingValue != null) {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- if(req.getParameter("newKeyInfo")!=null) // for diversification
+ if (req.getParameter("newKeyInfo") != null) // for diversification
{
- temp = req.getParameter("newKeyInfo"); //#xx#xx
- String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- if(newMappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mNewSelectedToken = currentToken;
- else if(tokenNumber==1)
- mNewKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ temp = req.getParameter("newKeyInfo"); //#xx#xx
+ String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+ if (newMappingValue != null) {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mNewSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mNewKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- }
+ }
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
} catch (Exception e) {
e.printStackTrace();
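Review bot: `setDefaultSlotAndKeyName` writes the per-request key selection (`mSelectedToken`, `mKeyNickName`, `mNewSelectedToken`, `mNewKeyNickName`) into servlet instance fields, and a servlet instance normally serves concurrent requests, so two requests with different `KeyInfo` values can overwrite each other's slot and key nickname before they are used. Only `mNewSelectedToken` is reset at the top, so `mKeyNickName` and `mNewKeyNickName` keep the previous request's value when no mapping is found. Returning the selection in locals, as `processComputeSessionKey` does with `selectedToken` and `keyNickName`, would avoid both problems. Until then, a comment such as `// writes per-request key selection into shared servlet fields; not safe for concurrent requests` documents the hazard. The closing `catch (Exception e)` only calls `e.printStackTrace()`, so a failed config lookup leaves the fields partly updated and, in the lines visible here, is not passed to `CMS.debug`.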
@@ -247,9 +229,8 @@ public class TokenServlet extends CMSServlet {
}
private void processComputeSessionKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
- byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
byte[] card_crypto, host_cryptogram, input_card_crypto;
byte[] xcard_challenge, xhost_challenge;
byte[] enc_session_key, xkeyInfo;
@@ -257,18 +238,18 @@ public class TokenServlet extends CMSServlet {
String errorMsg = "";
String badParams = "";
String transportKeyName = "";
-
- String rCUID = req.getParameter("CUID");
+
+ String rCUID = req.getParameter("CUID");
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
boolean serversideKeygen = false;
byte[] drm_trans_wrapped_desKey = null;
- PK11SymKey desKey = null;
- // PK11SymKey kek_session_key;
+ PK11SymKey desKey = null;
+ // PK11SymKey kek_session_key;
PK11SymKey kek_key;
IConfigStore sconfig = CMS.getConfigStore();
@@ -278,14 +259,14 @@ public class TokenServlet extends CMSServlet {
card_crypto = null;
host_cryptogram = null;
enc_session_key = null;
- // kek_session_key = null;
+ // kek_session_key = null;
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
@@ -297,19 +278,19 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
String kek_wrapped_desKeyString = null;
- String keycheck_s = null;
+ String keycheck_s = null;
CMS.debug("processComputeSessionKey:");
String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
- String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+ String rServersideKeygen = (String) req.getParameter("serversideKeygen");
if (rServersideKeygen.equals("true")) {
- CMS.debug("TokenServlet: serversideKeygen requested");
- serversideKeygen = true;
+ CMS.debug("TokenServlet: serversideKeygen requested");
+ serversideKeygen = true;
} else {
- CMS.debug("TokenServlet: serversideKeygen not requested");
+ CMS.debug("TokenServlet: serversideKeygen not requested");
}
try {
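Review bot: `rServersideKeygen.equals("true")` dereferences the `serversideKeygen` request parameter without a null check, so a request that omits it throws a NullPointerException after the request audit event has been written and before the parameter validation further down. `if ("true".equals(rServersideKeygen)) {` treats a missing parameter as "not requested" and keeps the rest of the flow unchanged. The `(String)` cast on `req.getParameter(...)` is redundant and can be dropped. `processComputeSessionKey` starts and ends outside this hunk.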
@@ -318,13 +299,12 @@ public class TokenServlet extends CMSServlet {
}
try {
- transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+ transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME);
} catch (EBaseException e) {
}
CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
-
String rcard_challenge = req.getParameter("card_challenge");
String rhost_challenge = req.getParameter("host_challenge");
String rKeyInfo = req.getParameter("KeyInfo");
@@ -353,7 +333,6 @@ public class TokenServlet extends CMSServlet {
missingParam = true;
}
-
String selectedToken = null;
String keyNickName = null;
boolean sameCardCrypto = true;
@@ -362,48 +341,48 @@ public class TokenServlet extends CMSServlet {
xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
}
xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length.");
- missingParam = true;
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length.");
+ missingParam = true;
}
- xcard_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+ xcard_challenge =
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
if (xcard_challenge == null || xcard_challenge.length != 8) {
- badParams += " card_challenge length,";
- CMS.debug("TokenServlet: Invalid card challenge length.");
- missingParam = true;
+ badParams += " card_challenge length,";
+ CMS.debug("TokenServlet: Invalid card challenge length.");
+ missingParam = true;
}
-
+
xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
if (xhost_challenge == null || xhost_challenge.length != 8) {
- badParams += " host_challenge length,";
- CMS.debug("TokenServlet: Invalid host challenge length");
- missingParam = true;
+ badParams += " host_challenge length,";
+ CMS.debug("TokenServlet: Invalid host challenge length");
+ missingParam = true;
}
-
+
}
CUID = null;
if (!missingParam) {
- card_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-
+ card_challenge =
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+
host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
if (mappingValue == null) {
- selectedToken =
- CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ selectedToken =
+ CMS.getConfigStore().getString("tks.defaultSlot", "internal");
keyNickName = rKeyInfo;
} else {
StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,133 +398,128 @@ public class TokenServlet extends CMSServlet {
byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
- session_key = SessionKey.ComputeSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
+ session_key = SessionKey.ComputeSessionKey(
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName);
- if(session_key == null)
- {
+ if (session_key == null) {
CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
- throw new Exception("Can't compute session key!");
+ throw new Exception("Can't compute session key!");
- }
+ }
byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
enc_session_key = SessionKey.ComputeEncSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet);
- if(enc_session_key == null)
- {
+ if (enc_session_key == null) {
CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
- throw new Exception("Can't compute enc session key!");
-
+ throw new Exception("Can't compute enc session key!");
+
}
if (serversideKeygen == true) {
/**
- * 0. generate des key
+ * 0. generate des key
* 1. encrypt des key with kek key
* 2. encrypt des key with DRM transport key
* These two wrapped items are to be sent back to
- * TPS. 2nd item is to DRM
+ * TPS. 2nd item is to DRM
**/
CMS.debug("TokenServlet: calling ComputeKekKey");
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
kek_key = SessionKey.ComputeKekKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
-
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
CMS.debug("TokenServlet: called ComputeKekKey");
- if(kek_key == null)
- {
+ if (kek_key == null) {
CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
- throw new Exception("Can't compute kek key!");
-
+ throw new Exception("Can't compute kek key!");
+
}
// now use kek key to wrap kek session key..
- CMS.debug("computeSessionKey:kek key len ="+
- kek_key.getLength());
-
- // (1) generate DES key
- /* applet does not support DES3
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
- desKey = kg.generate();*/
-
- /*
- * XXX GenerateSymkey firt generates a 16 byte DES2 key.
- * It then pads it into a 24 byte key with last
- * 8 bytes copied from the 1st 8 bytes. Effectively
- * making it a 24 byte DES2 key. We need this for
- * wrapping private keys on DRM.
- */
- /*generate it on whichever token the master key is at*/
- if (useSoftToken_s.equals("true")) {
- CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
- desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+ CMS.debug("computeSessionKey:kek key len =" +
+ kek_key.getLength());
+
+ // (1) generate DES key
+ /* applet does not support DES3
+ org.mozilla.jss.crypto.KeyGenerator kg =
+ internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ desKey = kg.generate();*/
+
+ /*
+ * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+ * It then pads it into a 24 byte key with last
+ * 8 bytes copied from the 1st 8 bytes. Effectively
+ * making it a 24 byte DES2 key. We need this for
+ * wrapping private keys on DRM.
+ */
+ /*generate it on whichever token the master key is at*/
+ if (useSoftToken_s.equals("true")) {
+ CMS.debug("TokenServlet: key encryption key generated on internal");
+ //cfu audit here? sym key gen
+ desKey = SessionKey.GenerateSymkey("internal");
+ //cfu audit here? sym key gen done
} else {
- CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
- desKey = SessionKey.GenerateSymkey(selectedToken);
+ CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
+ desKey = SessionKey.GenerateSymkey(selectedToken);
+ }
+ if (desKey != null)
+ CMS.debug("TokenServlet: key encryption key generated for " + rCUID);
+ else {
+ CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID);
+ throw new Exception("can't generate key encryption key");
}
- if (desKey != null)
- CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
- else {
- CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
- throw new Exception ("can't generate key encryption key");
- }
-
- /*
- * XXX ECBencrypt actually takes the 24 byte DES2 key
- * and discard the last 8 bytes before it encrypts.
- * This is done so that the applet can digest it
- */
- byte[] encDesKey =
- SessionKey.ECBencrypt( kek_key,
- desKey);
- /*
- CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
- CMS.debug(encDesKey);
- */
+
+ /*
+ * XXX ECBencrypt actually takes the 24 byte DES2 key
+ * and discard the last 8 bytes before it encrypts.
+ * This is done so that the applet can digest it
+ */
+ byte[] encDesKey =
+ SessionKey.ECBencrypt(kek_key,
+ desKey);
+ /*
+ CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
+ CMS.debug(encDesKey);
+ */
kek_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
- // get keycheck
- byte[] keycheck =
- SessionKey.ComputeKeyCheck(desKey);
- /*
- CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
- CMS.debug(keycheck);
- */
- keycheck_s =
- com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
+ com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
+
+ // get keycheck
+ byte[] keycheck =
+ SessionKey.ComputeKeyCheck(desKey);
+ /*
+ CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
+ CMS.debug(keycheck);
+ */
+ keycheck_s =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
//XXX use DRM transport cert to wrap desKey
- String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
+ String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
- if ((drmTransNickname == null) || (drmTransNickname == "")) {
- CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
- throw new Exception("can't find DRM transport certificate nickname");
- } else {
- CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
- }
+ if ((drmTransNickname == null) || (drmTransNickname == "")) {
+ CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+ throw new Exception("can't find DRM transport certificate nickname");
+ } else {
+ CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname);
+ }
X509Certificate drmTransCert = null;
drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
// wrap kek session key with DRM transport public key
- CryptoToken token = null;
- if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ CryptoToken token = null;
+ if (useSoftToken_s.equals("true")) {
+ //token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance().getInternalCryptoToken();
} else {
token = CryptoManager.getInstance().getTokenByName(selectedToken);
}
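Review bot: The nickname check `(drmTransNickname == null) || (drmTransNickname == "")` compares string references rather than contents. An empty `tks.drm_transport_cert_nickname` from the config store will therefore normally not match, and execution continues to `findCertByNickname` with an empty nickname instead of raising the intended "can't find DRM transport certificate nickname" error. Use `if (drmTransNickname == null || drmTransNickname.equals("")) {`, which matches the `keySet.equals("")` style already used in this file. The `X509Certificate` returned by `findCertByNickname` is also not null-checked in the visible lines before the key wrap is set up. The enclosing try block and method extend beyond this hunk on both sides.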
@@ -561,31 +535,29 @@ public class TokenServlet extends CMSServlet {
keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
keyWrapper.initWrap(pubKey, null);
}
- CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+ CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName());
drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
- CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+ CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
} // if (serversideKeygen == true)
byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
host_cryptogram = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet);
- if(host_cryptogram == null)
- {
+ if (host_cryptogram == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute host cryptogram!");
+ throw new Exception("Can't compute host cryptogram!");
}
card_crypto = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet);
- if(card_crypto == null)
- {
+ if (card_crypto == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute card cryptogram!");
+ throw new Exception("Can't compute card cryptogram!");
}
@@ -595,9 +567,9 @@ public class TokenServlet extends CMSServlet {
throw new Exception("Missing card cryptogram");
}
input_card_crypto =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
if (card_crypto.length == input_card_crypto.length) {
- for (int i=0; i<card_crypto.length; i++) {
+ for (int i = 0; i < card_crypto.length; i++) {
if (card_crypto[i] != input_card_crypto[i]) {
sameCardCrypto = false;
break;
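Review bot: The card cryptogram check compares the computed `card_crypto` with the client-supplied `input_card_crypto` byte by byte and breaks at the first mismatch, so its running time depends on how many leading bytes match. Assuming a length mismatch is meant to fail validation, `sameCardCrypto = java.security.MessageDigest.isEqual(card_crypto, input_card_crypto);` replaces the length test and the loop with a comparison designed for secret values. `input_card_crypto` is also dereferenced without the null check that the other `SpecialDecode` results in this method get. The surrounding `catch (Exception e)` appears to absorb that, but an explicit check would give a clearer error. The loop and the enclosing try block continue past the end of this hunk.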
@@ -611,15 +583,15 @@ public class TokenServlet extends CMSServlet {
CMS.getLogger().log(ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"processComputeSessionKey for CUID=" +
- trim(pp.toHexString(CUID)));
- } catch (Exception e) {
+ ILogger.LL_INFO, "processComputeSessionKey for CUID=" +
+ trim(pp.toHexString(CUID)));
+ } catch (Exception e) {
CMS.debug(e);
CMS.debug("TokenServlet Computing Session Key: " + e.toString());
if (isCryptoValidate)
sameCardCrypto = false;
}
- }
+ }
} // ! missingParam
String value = "";
@@ -632,34 +604,32 @@ public class TokenServlet extends CMSServlet {
String cryptogram = "";
String status = "0";
if (session_key != null && session_key.length > 0) {
- outputString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
- } else {
-
+ outputString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
+ } else {
+
status = "1";
}
if (enc_session_key != null && enc_session_key.length > 0) {
- encSessionKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
- } else {
+ encSessionKeyString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
+ } else {
status = "1";
}
-
if (serversideKeygen == true) {
- if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
- drm_trans_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
- else {
- status = "1";
+ if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
+ drm_trans_wrapped_desKeyString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
+ else {
+ status = "1";
}
- }
+ }
-
if (host_cryptogram != null && host_cryptogram.length > 0) {
- cryptogram =
- com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+ cryptogram =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
} else {
status = "2";
}
@@ -675,32 +645,30 @@ public class TokenServlet extends CMSServlet {
if (missingParam) {
status = "3";
}
-
- if (!status.equals("0")) {
-
-
- if(status.equals("1")) {
- errorMsg = "Problem generating session key info.";
- }
-
- if(status.equals("2")) {
- errorMsg = "Problem creating host_cryptogram.";
- }
-
- if(status.equals("4")) {
- errorMsg = "Problem obtaining token information.";
- }
-
- if(status.equals("3")) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
- }
- errorMsg = "Missing input parameters :" + badParams;
- }
-
- value = "status="+status;
- }
- else {
+
+ if (!status.equals("0")) {
+
+ if (status.equals("1")) {
+ errorMsg = "Problem generating session key info.";
+ }
+
+ if (status.equals("2")) {
+ errorMsg = "Problem creating host_cryptogram.";
+ }
+
+ if (status.equals("4")) {
+ errorMsg = "Problem obtaining token information.";
+ }
+
+ if (status.equals("3")) {
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
+ }
+ errorMsg = "Missing input parameters :" + badParams;
+ }
+
+ value = "status=" + status;
+ } else {
if (serversideKeygen == true) {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -709,10 +677,10 @@ public class TokenServlet extends CMSServlet {
sb.append("&hostCryptogram=");
sb.append(cryptogram);
sb.append("&encSessionKey=");
- sb.append(encSessionKeyString);
+ sb.append(encSessionKeyString);
sb.append("&kek_wrapped_desKey=");
sb.append(kek_wrapped_desKeyString);
- sb.append("&keycheck=");
+ sb.append("&keycheck=");
sb.append(keycheck_s);
sb.append("&drm_trans_wrapped_desKey=");
sb.append(drm_trans_wrapped_desKeyString);
@@ -722,19 +690,19 @@ public class TokenServlet extends CMSServlet {
sb.append("status=0&");
sb.append("sessionKey=");
sb.append(outputString);
- sb.append("&hostCryptogram=");
- sb.append(cryptogram);
+ sb.append("&hostCryptogram=");
+ sb.append(cryptogram);
sb.append("&encSessionKey=");
sb.append(encSessionKeyString);
value = sb.toString();
}
}
- CMS.debug("TokenServlet:outputString.encode " +value);
+ CMS.debug("TokenServlet:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
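Review bot: The debug line `CMS.debug("TokenServlet:outputString.encode " + value);` writes the whole response body to the debug log, and in the success branches built just above it that body carries `sessionKey=`, `encSessionKey=` and, with server-side keygen, the wrapped DES keys. Session key material should not be copied into a log file, which is typically readable by more accounts and kept longer than the response itself; log the outcome only, e.g. `CMS.debug("TokenServlet:outputString.encode status=" + status);`. The same pattern appears in the `process DiversifyKey.encode` and `process EncryptData.encode` debug lines in later hunks. The enclosing method starts before this hunk and continues after it.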
@@ -742,65 +710,65 @@ public class TokenServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("TokenServlet: " + e.toString());
}
-
- if(status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ if (status.equals("0")) {
+
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
status,
agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false",
selectedToken,
keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
status,
agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false",
selectedToken,
keyNickName,
errorMsg);
- }
-
+ }
+
audit(auditMessage);
}
private void processDiversifyKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- byte[] KeySetData,KeysValues,CUID,xCUID;
- byte[] xkeyInfo,xnewkeyInfo;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] KeySetData, KeysValues, CUID, xCUID;
+ byte[] xkeyInfo, xnewkeyInfo;
boolean missingParam = false;
String errorMsg = "";
String badParams = "";
IConfigStore sconfig = CMS.getConfigStore();
- String rnewKeyInfo = req.getParameter("newKeyInfo");
+ String rnewKeyInfo = req.getParameter("newKeyInfo");
String newMasterKeyName = req.getParameter("newKeyInfo");
String oldMasterKeyName = req.getParameter("KeyInfo");
- String rCUID =req.getParameter("CUID");
- String auditMessage="";
+ String rCUID = req.getParameter("CUID");
+ String auditMessage = "";
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
@@ -813,7 +781,6 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
-
if ((rCUID == null) || (rCUID.equals(""))) {
badParams += " CUID,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -824,101 +791,101 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
missingParam = true;
}
- if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+ if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
missingParam = true;
}
if (!missingParam) {
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
- xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
- if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
- badParams += " NewKeyInfo length,";
- CMS.debug("TokenServlet: Invalid new key info length");
- missingParam = true;
- }
- }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
+ xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
+ if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+ badParams += " NewKeyInfo length,";
+ CMS.debug("TokenServlet: Invalid new key info length");
+ missingParam = true;
+ }
+ }
String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
KeySetData = null;
String outputString = null;
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ }
if (!missingParam) {
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- if (mKeyNickName!=null)
- oldMasterKeyName = mKeyNickName;
- if (mNewKeyNickName!=null)
- newMasterKeyName = mNewKeyNickName;
-
- String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
- String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
- String oldSelectedToken = null;
- String oldKeyNickName = null;
- if (oldMappingValue == null) {
- oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- oldKeyNickName = req.getParameter("KeyInfo");
- } else {
- StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
- oldSelectedToken = st.nextToken();
- oldKeyNickName = st.nextToken();
- }
-
- String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- String newSelectedToken = null;
- String newKeyNickName = null;
- if (newMappingValue == null) {
- newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- newKeyNickName = rnewKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- newSelectedToken = st.nextToken();
- newKeyNickName = st.nextToken();
- }
-
- CMS.debug("process DiversifyKey for oldSelectedToke="+
- oldSelectedToken + " newSelectedToken=" + newSelectedToken +
- " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
- newKeyNickName);
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ if (mKeyNickName != null)
+ oldMasterKeyName = mKeyNickName;
+ if (mNewKeyNickName != null)
+ newMasterKeyName = mNewKeyNickName;
+
+ String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
+ String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
+ String oldSelectedToken = null;
+ String oldKeyNickName = null;
+ if (oldMappingValue == null) {
+ oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ oldKeyNickName = req.getParameter("KeyInfo");
+ } else {
+ StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+ oldSelectedToken = st.nextToken();
+ oldKeyNickName = st.nextToken();
+ }
+
+ String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
+ String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+ String newSelectedToken = null;
+ String newKeyNickName = null;
+ if (newMappingValue == null) {
+ newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ newKeyNickName = rnewKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ newSelectedToken = st.nextToken();
+ newKeyNickName = st.nextToken();
+ }
+
+ CMS.debug("process DiversifyKey for oldSelectedToke=" +
+ oldSelectedToken + " newSelectedToken=" + newSelectedToken +
+ " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
+ newKeyNickName);
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+ KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
newSelectedToken, oldKeyNickName,
- newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- if (KeySetData == null || KeySetData.length<=1) {
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
- }
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
- + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
- +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
- resp.setContentType("text/html");
-
- if (KeySetData != null) {
- outputString = new String(KeySetData);
- }
+ newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ if (KeySetData == null || KeySetData.length <= 1) {
+ CMS.getLogger().log(ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot");
+ }
+
+ CMS.getLogger().log(ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID))
+ + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName
+ + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName);
+
+ resp.setContentType("text/html");
+
+ if (KeySetData != null) {
+ outputString = new String(KeySetData);
+ }
} // ! missingParam
//CMS.debug("TokenServlet:processDiversifyKey " +outputString);
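Review bot: `String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo;` leaves out the `keySet` segment that the old-key lookup a few lines above uses (`"tks." + keySet + ".mk_mappings." + ...`), so for a non-default key set the new master key may be resolved from a different config subtree than the old one, or fall back to `tks.defaultSlot`. If that is not intended, build it as `"tks." + keySet + ".mk_mappings." + rnewKeyInfo`. Separately, both mapping values are split with two unguarded `st.nextToken()` calls, so a config value without a `:` throws NoSuchElementException before any failure audit record is written; check `st.countTokens() == 2` first. The same parsing recurs in the processEncryptData hunk further down. processDiversifyKey begins and ends outside this hunk.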
@@ -928,26 +895,26 @@ public class TokenServlet extends CMSServlet {
String status = "0";
if (KeySetData != null && KeySetData.length > 1) {
- value = "status=0&"+"keySetData=" +
+ value = "status=0&" + "keySetData=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+ CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
} else if (missingParam) {
status = "3";
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
value = "status=" + status;
- } else {
+ } else {
errorMsg = "Problem diversifying key data.";
status = "1";
value = "status=" + status;
}
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
- try{
+ try {
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -956,9 +923,9 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
@@ -969,7 +936,7 @@ public class TokenServlet extends CMSServlet {
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
@@ -978,13 +945,13 @@ public class TokenServlet extends CMSServlet {
oldMasterKeyName,
newMasterKeyName,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
private void processEncryptData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ HttpServletResponse resp) throws EBaseException {
byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
boolean missingParam = false;
byte[] data = null;
@@ -1004,10 +971,10 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
CMS.debug("keySet selected: " + keySet);
@@ -1032,20 +999,20 @@ public class TokenServlet extends CMSServlet {
if (isRandom) {
if ((rdata == null) || (rdata.equals(""))) {
- CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
+ CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
} else {
- CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+ CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
}
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- data = new byte[16];
- random.nextBytes(data);
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ data = new byte[16];
+ random.nextBytes(data);
} catch (Exception e) {
- CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
- badParams += " Random Number,";
- missingParam = true;
+ CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+ badParams += " Random Number,";
+ missingParam = true;
}
- } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+ } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
badParams += " data,";
missingParam = true;
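Review bot: `SecureRandom.getInstance("SHA1PRNG")` pins the legacy SHA-1 based generator by name and builds a fresh instance on every request, so each generated value depends on that instance's self-seeding. Unless the algorithm name is required for provider or compliance reasons (not visible here), `new SecureRandom()` or one shared instance held by the servlet uses the platform's preferred generator and has no NoSuchAlgorithmException path. The catch block also records a generator failure through `badParams += " Random Number,"` and `missingParam = true`, i.e. as a missing input parameter, which will mislead whoever reads the resulting audit record. The same `getInstance("SHA1PRNG")` call appears in processComputeRandomData in a later hunk. The enclosing method starts and ends outside this hunk.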
@@ -1056,75 +1023,74 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
missingParam = true;
}
-
+
if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
missingParam = true;
}
-
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
}
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
String selectedToken = null;
String keyNickName = null;
if (!missingParam) {
- if (!isRandom)
- data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
- keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if (mappingValue == null) {
- selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- keyNickName = rKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- selectedToken = st.nextToken();
- keyNickName = st.nextToken();
- }
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- encryptedData = SessionKey.EncryptData(
- selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
+ if (!isRandom)
+ data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+ keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ if (mappingValue == null) {
+ selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ keyNickName = rKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ selectedToken = st.nextToken();
+ keyNickName = st.nextToken();
+ }
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+ encryptedData = SessionKey.EncryptData(
+ selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ CMS.getLogger().log(ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+ ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID)));
} // !missingParam
resp.setContentType("text/html");
-
+
String value = "";
- String status = "0";
- if (encryptedData != null && encryptedData.length > 0) {
- String outputString = new String(encryptedData);
+ String status = "0";
+ if (encryptedData != null && encryptedData.length > 0) {
+ String outputString = new String(encryptedData);
// sending both the pre-encrypted and encrypted data back
- value = "status=0&"+"data="+
- com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
- "&encryptedData=" +
+ value = "status=0&" + "data=" +
+ com.netscape.cmsutil.util.Utils.SpecialEncode(data) +
+ "&encryptedData=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
} else if (missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
status = "3";
@@ -1135,12 +1101,12 @@ public class TokenServlet extends CMSServlet {
value = "status=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " +value);
+ CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.lenght " +value.length());
-
+ CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1149,9 +1115,9 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
@@ -1163,7 +1129,7 @@ public class TokenServlet extends CMSServlet {
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
@@ -1173,9 +1139,9 @@ public class TokenServlet extends CMSServlet {
selectedToken,
keyNickName,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
/*
@@ -1194,9 +1160,9 @@ public class TokenServlet extends CMSServlet {
*/
private void processComputeRandomData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
-
- byte[] randomData = null;
+ HttpServletResponse resp) throws EBaseException {
+
+ byte[] randomData = null;
String status = "0";
String errorMsg = "";
String badParams = "";
@@ -1207,26 +1173,23 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
String sDataSize = req.getParameter("dataNumBytes");
- if(sDataSize == null || sDataSize.equals("")) {
+ if (sDataSize == null || sDataSize.equals("")) {
CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
badParams += " Random Data size, ";
missingParam = true;
status = "1";
} else {
- try
- {
- dataSize = Integer.parseInt(sDataSize.trim());
- }
- catch (NumberFormatException nfe)
- {
+ try {
+ dataSize = Integer.parseInt(sDataSize.trim());
+ } catch (NumberFormatException nfe) {
CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
badParams += " Random Data size, ";
missingParam = true;
@@ -1244,33 +1207,33 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
- if(!missingParam) {
+ if (!missingParam) {
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- randomData = new byte[dataSize];
- random.nextBytes(randomData);
- } catch (Exception e) {
- CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
- errorMsg = "Can't generate random data!";
- status = "2";
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ randomData = new byte[dataSize];
+ random.nextBytes(randomData);
+ } catch (Exception e) {
+ CMS.debug("TokenServlet::processComputeRandomData:" + e.toString());
+ errorMsg = "Can't generate random data!";
+ status = "2";
}
}
String randomDataOut = "";
- if(status.equals("0")) {
+ if (status.equals("0")) {
if (randomData != null && randomData.length == dataSize) {
randomDataOut =
- com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+ com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
} else {
status = "2";
errorMsg = "Can't convert random data!";
}
}
- if(status.equals("1") && missingParam) {
+ if (status.equals("1") && missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters :" + badParams;
}
@@ -1278,15 +1241,15 @@ public class TokenServlet extends CMSServlet {
resp.setContentType("text/html");
String value = "";
- value = "status="+status;
- if(status.equals("0")) {
- value = value + "&DATA="+randomDataOut;
+ value = "status=" + status;
+ if (status.equals("0")) {
+ value = value + "&DATA=" + randomDataOut;
}
-
+
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-
+ CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1295,22 +1258,22 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
ILogger.SUCCESS,
status,
agentId);
- } else {
- auditMessage = CMS.getLogMessage(
+ } else {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
ILogger.FAILURE,
status,
agentId,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1328,7 +1291,7 @@ public class TokenServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenServlet: Unauthorized");
@@ -1338,7 +1301,7 @@ public class TokenServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenServlet: " + e.toString());
}
@@ -1349,26 +1312,25 @@ public class TokenServlet extends CMSServlet {
String temp = req.getParameter("card_challenge");
mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
setDefaultSlotAndKeyName(req);
- if(temp!=null)
- {
- processComputeSessionKey(req,resp);
- }else if(req.getParameter("data")!=null){
- processEncryptData(req,resp);
- }else if(req.getParameter("newKeyInfo")!=null){
- processDiversifyKey(req,resp);
- }else if(req.getParameter("dataNumBytes") !=null){
- processComputeRandomData(req,resp);
+ if (temp != null) {
+ processComputeSessionKey(req, resp);
+ } else if (req.getParameter("data") != null) {
+ processEncryptData(req, resp);
+ } else if (req.getParameter("newKeyInfo") != null) {
+ processDiversifyKey(req, resp);
+ } else if (req.getParameter("dataNumBytes") != null) {
+ processComputeRandomData(req, resp);
}
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
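Review bot: `mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");` followed by `setDefaultSlotAndKeyName(req)` stores per-request values in what the `m` prefix suggests are servlet instance fields, and a servlet instance is shared by all request threads. If so (the helper's body is not in this hunk), two concurrent requests can overwrite each other's slot and key nickname before the process* methods read them (processDiversifyKey reads `mKeyNickName` and `mNewKeyNickName`), so one token's operation could run against the key selected for another request. Passing these values as locals or method parameters would remove the shared state. The `if`/`else if` chain also does nothing when none of the four parameters is present, which as far as this hunk shows leaves the caller without a status response. process() begins outside this hunk and service() continues past it.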
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
index 9d67065d..d9d3ddec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
@@ -33,10 +33,10 @@ public interface IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
+ public void init(ServletConfig config, int panelno)
throws ServletException;
- public void init(WizardServlet servlet, ServletConfig config,
+ public void init(WizardServlet servlet, ServletConfig config,
int panelno, String id) throws ServletException;
public String getName();
@@ -44,7 +44,9 @@ public interface IWizardPanel {
public int getPanelNo();
public void setId(String id);
+
public String getId();
+
public PropertySet getUsage();
/**
@@ -84,20 +86,22 @@ public interface IWizardPanel {
*/
public void display(HttpServletRequest request,
HttpServletResponse response,
- Context context );
+ Context context);
+
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context ) throws IOException;
+ Context context) throws IOException;
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context ) throws IOException;
+ Context context) throws IOException;
+
/**
* If validiate() returns false, this method will be called.
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 691d3e98..bc4ab990 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -37,13 +37,13 @@ import com.netscape.cms.servlet.csadmin.Cert;
import com.netscape.cmsutil.crypto.Module;
/**
- * wizard?p=[panel number]&op=usage <= usage in xml
+ * wizard?p=[panel number]&op=usage <= usage in xml
* wizard?p=[panel number]&op=display
* wizard?p=[panel number]&op=next&...[additional parameters]...
* wizard?p=[panel number]&op=apply
* wizard?p=[panel number]&op=back
* wizard?op=menu
- * return menu options
+ * return menu options
*/
public class WizardServlet extends VelocityServlet {
@@ -54,8 +54,7 @@ public class WizardServlet extends VelocityServlet {
private String name = null;
private Vector mPanels = new Vector();
- public void init(ServletConfig config) throws ServletException
- {
+ public void init(ServletConfig config) throws ServletException {
super.init(config);
/* load sequence map */
@@ -64,33 +63,32 @@ public class WizardServlet extends VelocityServlet {
StringTokenizer st = new StringTokenizer(panels, ",");
int pno = 0;
while (st.hasMoreTokens()) {
- String p = st.nextToken();
- StringTokenizer st1 = new StringTokenizer(p, "=");
- String id = st1.nextToken();
- String pvalue = st1.nextToken();
- try {
- IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance();
- panel.init(this, config, pno, id);
- CMS.debug("WizardServlet: panel name=" + panel.getName());
- mPanels.addElement(panel);
- } catch (Exception e) {
- CMS.debug("WizardServlet: " + e.toString());
- }
- pno++;
+ String p = st.nextToken();
+ StringTokenizer st1 = new StringTokenizer(p, "=");
+ String id = st1.nextToken();
+ String pvalue = st1.nextToken();
+ try {
+ IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance();
+ panel.init(this, config, pno, id);
+ CMS.debug("WizardServlet: panel name=" + panel.getName());
+ mPanels.addElement(panel);
+ } catch (Exception e) {
+ CMS.debug("WizardServlet: " + e.toString());
+ }
+ pno++;
}
CMS.debug("WizardServlet: done");
-
+
}
public void exposePanels(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
Enumeration e = mPanels.elements();
Vector panels = new Vector();
while (e.hasMoreElements()) {
- IWizardPanel p = (IWizardPanel)e.nextElement();
- panels.addElement(p);
+ IWizardPanel p = (IWizardPanel) e.nextElement();
+ panels.addElement(p);
}
context.put("panels", panels);
}
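Review bot: In the `while` loop of `init`, a panel that fails to load is only debug-logged while `pno++` still runs, so every later panel is initialised with a `pno` one higher than its index in `mPanels`, and `getPanelByNo` in the next hunk indexes `mPanels` by panel number. A single bad class name in the panel list therefore shifts the wizard sequence silently instead of failing startup. Either fail fast in the catch with `throw new ServletException("WizardServlet: cannot load panel " + pvalue, e);`, or increment `pno` only after `mPanels.addElement(panel)` has succeeded. The two `st1.nextToken()` calls sit outside the `try`, so an entry without `=` aborts `init` with an unlogged NoSuchElementException. `init` starts in the previous hunk.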
@@ -98,84 +96,80 @@ public class WizardServlet extends VelocityServlet {
/**
* Cleans up panels from a particular panel.
*/
- public void cleanUpFromPanel(int pno) throws IOException
- {
- /* panel number starts from zero */
- int s = mPanels.size();
- for (int i = pno; i < s; i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- panel.cleanUp();
- }
+ public void cleanUpFromPanel(int pno) throws IOException {
+ /* panel number starts from zero */
+ int s = mPanels.size();
+ for (int i = pno; i < s; i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ panel.cleanUp();
+ }
}
- public IWizardPanel getPanelByNo(int p)
- {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ public IWizardPanel getPanelByNo(int p) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (panel.shouldSkip()) {
- panel = getPanelByNo(p+1);
+ panel = getPanelByNo(p + 1);
}
return panel;
}
public Template displayPanel(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
CMS.debug("WizardServlet: in display");
int p = getPanelNo(request);
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
IWizardPanel panel = getPanelByNo(p);
CMS.debug("WizardServlet: panel=" + panel);
if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
panel.display(request, response, context);
context.put("p", Integer.toString(panel.getPanelNo()));
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
- public String xml_value_flatten(Object v)
- {
+ public String xml_value_flatten(Object v) {
String ret = "";
if (v instanceof String) {
ret += v;
} else if (v instanceof Integer) {
- ret += ((Integer)v).toString();
+ ret += ((Integer) v).toString();
} else if (v instanceof Vector) {
ret += "<Vector>";
- Vector v1 = (Vector)v;
+ Vector v1 = (Vector) v;
Enumeration e = v1.elements();
StringBuffer sb = new StringBuffer();
while (e.hasMoreElements()) {
- sb.append(xml_value_flatten(e.nextElement()));
+ sb.append(xml_value_flatten(e.nextElement()));
}
ret += sb.toString();
ret += "</Vector>";
} else if (v instanceof Module) { // for hardware token
- Module m = (Module)v;
+ Module m = (Module) v;
ret += "<Module>";
ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
ret += "</Module>";
} else if (v instanceof Cert) {
- Cert m = (Cert)v;
+ Cert m = (Cert) v;
ret += "<CertReqPair>";
ret += "<Nickname>" + m.getNickname() + "</Nickname>";
ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
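Review bot: `xml_value_flatten` concatenates values such as `m.getCommonName()`, `m.getNickname()` and `m.getTokenname()` into the XML string without escaping, so a value containing `<`, `>` or `&` yields malformed XML or extra elements in the response. `xml_flatten` in a later hunk does the same with `key` as the element name. I would pass every text value through one escaping helper before appending, as sketched below; whether the `xml.vm` template escapes again is not visible from here. `xml_value_flatten` continues past this hunk.

```java
// new private helper next to xml_value_flatten
private static String xmlEscape(Object value) {
    String s = String.valueOf(value);
    StringBuffer out = new StringBuffer(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
        case '<':
            out.append("&lt;");
            break;
        case '>':
            out.append("&gt;");
            break;
        case '&':
            out.append("&amp;");
            break;
        case '"':
            out.append("&quot;");
            break;
        case '\'':
            out.append("&apos;");
            break;
        default:
            out.append(c);
        }
    }
    return out.toString();
}

// … unchanged: String / Integer / Vector branches (String branch wrapped the same way) …
ret += "<CommonName>" + xmlEscape(m.getCommonName()) + "</CommonName>";
ret += "<UserFriendlyName>" + xmlEscape(m.getUserFriendlyName()) + "</UserFriendlyName>";
// … unchanged: remaining Module / Cert / Panel fields, each wrapped in xmlEscape(...) …
```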
@@ -187,7 +181,7 @@ public class WizardServlet extends VelocityServlet {
ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
ret += "</CertReqPair>";
} else if (v instanceof IWizardPanel) {
- IWizardPanel m = (IWizardPanel)v;
+ IWizardPanel m = (IWizardPanel) v;
ret += "<Panel>";
ret += "<Id>" + m.getId() + "</Id>";
ret += "<Name>" + m.getName() + "</Name>";
@@ -198,89 +192,84 @@ public class WizardServlet extends VelocityServlet {
return ret;
}
- public String xml_flatten(Context context)
- {
+ public String xml_flatten(Context context) {
StringBuffer ret = new StringBuffer();
- Object o[] = context.getKeys();
- for (int i = 0; i < o.length; i ++) {
- if (o[i] instanceof String) {
- String key = (String)o[i];
- if (key.startsWith("__")) {
- continue;
- }
- ret.append("<");
- ret.append(key);
- ret.append(">");
- if (key.equals("bindpwd")) {
- ret.append("(sensitive)");
- } else {
- Object v = context.get(key);
- ret.append(xml_value_flatten(v));
+ Object o[] = context.getKeys();
+ for (int i = 0; i < o.length; i++) {
+ if (o[i] instanceof String) {
+ String key = (String) o[i];
+ if (key.startsWith("__")) {
+ continue;
+ }
+ ret.append("<");
+ ret.append(key);
+ ret.append(">");
+ if (key.equals("bindpwd")) {
+ ret.append("(sensitive)");
+ } else {
+ Object v = context.get(key);
+ ret.append(xml_value_flatten(v));
+ }
+ ret.append("</");
+ ret.append(key);
+ ret.append(">");
}
- ret.append("</");
- ret.append(key);
- ret.append(">");
- }
}
return ret.toString();
}
- public int getPanelNo(HttpServletRequest request)
- {
+ public int getPanelNo(HttpServletRequest request) {
int p = 0;
-
+
// panel number can be identified by either
// panel no (p parameter) directly, or
// panel name (panelname parameter).
if (request.getParameter("panelname") != null) {
- String name = request.getParameter("panelname");
- for (int i = 0; i < mPanels.size(); i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- if (panel.getId().equals(name)) {
- return i;
+ String name = request.getParameter("panelname");
+ for (int i = 0; i < mPanels.size(); i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ if (panel.getId().equals(name)) {
+ return i;
+ }
}
- }
} else if (request.getParameter("p") != null) {
- p = Integer.parseInt(request.getParameter("p"));
+ p = Integer.parseInt(request.getParameter("p"));
}
return p;
}
- public String getNameFromPanelNo(int p)
- {
- IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p);
- return wp.getId();
+ public String getNameFromPanelNo(int p) {
+ IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p);
+ return wp.getId();
}
- public IWizardPanel getPreviousPanel(int p)
- {
+ public IWizardPanel getPreviousPanel(int p) {
CMS.debug("getPreviousPanel input p=" + p);
- IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1);
+ IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1);
if (backpanel.isSubPanel()) {
- backpanel = (IWizardPanel)mPanels.elementAt(p-1-1);
+ backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1);
}
while (backpanel.shouldSkip()) {
- backpanel = (IWizardPanel)
+ backpanel = (IWizardPanel)
mPanels.elementAt(backpanel.getPanelNo() - 1);
}
CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
return backpanel;
}
- public IWizardPanel getNextPanel(int p)
- {
+ public IWizardPanel getNextPanel(int p) {
CMS.debug("getNextPanel input p=" + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (p == (mPanels.size() - 1)) {
p = p;
- } else if(panel.isSubPanel()) {
- if (panel.isLoopbackPanel()) {
- p = p-1; // Login Panel is a loop back panel
- } else {
- p = p+1;
- }
- } else if (panel.hasSubPanel()) {
- p = p + 2;
+ } else if (panel.isSubPanel()) {
+ if (panel.isLoopbackPanel()) {
+ p = p - 1; // Login Panel is a loop back panel
+ } else {
+ p = p + 1;
+ }
+ } else if (panel.hasSubPanel()) {
+ p = p + 2;
} else {
p = p + 1;
}
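Review bot: `getPanelNo` returns the request's `p` parameter after a bare `Integer.parseInt` with no range check, and callers index `mPanels` with it directly (`mPanels.elementAt(p)` in `getNextPanel`, `elementAt(p - 1)` in `getPreviousPanel`). A non-numeric, negative or too-large value therefore ends in an uncaught `NumberFormatException` or `ArrayIndexOutOfBoundsException`, and going back from panel 0 reaches `elementAt(-1)`. I would catch `NumberFormatException` in `getPanelNo` and reject out-of-range values there, e.g. `if (p < 0 || p >= mPanels.size()) p = 0;`; what to fall back to is a design choice. The `p = p;` branch in `getNextPanel` is a no-op and can be dropped. `getNextPanel` continues past this hunk.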
@@ -291,15 +280,13 @@ public class WizardServlet extends VelocityServlet {
public Template goApply(HttpServletRequest request,
HttpServletResponse response,
- Context context)
- {
+ Context context) {
return goNextApply(request, response, context, true);
}
public Template goNext(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
return goNextApply(request, response, context, false);
}
@@ -309,172 +296,167 @@ public class WizardServlet extends VelocityServlet {
*/
public Template goNextApply(HttpServletRequest request,
HttpServletResponse response,
- Context context, boolean stay )
- {
+ Context context, boolean stay) {
int p = getPanelNo(request);
if (stay == true)
CMS.debug("WizardServlet: in reply " + p);
else
CMS.debug("WizardServlet: in next " + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
try {
- panel.validate(request, response, context);
- try {
- panel.update(request, response, context);
- if (stay == true) { // "apply"
-
- if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- panel.display(request, response, context);
- } else { // "next"
- IWizardPanel nextpanel = getNextPanel(p);
-
- if (nextpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- nextpanel.display(request, response, context);
- panel = nextpanel;
+ panel.validate(request, response, context);
+ try {
+ panel.update(request, response, context);
+ if (stay == true) { // "apply"
+
+ if (panel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ panel.display(request, response, context);
+ } else { // "next"
+ IWizardPanel nextpanel = getNextPanel(p);
+
+ if (nextpanel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ nextpanel.display(request, response, context);
+ panel = nextpanel;
+ }
+ context.put("errorString", "");
+ } catch (Exception e) {
+ context.put("errorString", e.getMessage());
+ panel.displayError(request, response, context);
}
- context.put("errorString", "");
- } catch (Exception e) {
- context.put("errorString", e.getMessage());
- panel.displayError(request, response, context);
- }
} catch (IOException eee) {
- context.put("errorString", eee.getMessage());
- panel.displayError(request, response, context);
+ context.put("errorString", eee.getMessage());
+ panel.displayError(request, response, context);
}
p = panel.getPanelNo();
CMS.debug("panel no=" + p);
CMS.debug("panel name=" + getNameFromPanelNo(p));
- CMS.debug("total number of panels="+mPanels.size());
+ CMS.debug("total number of panels=" + mPanels.size());
context.put("p", Integer.toString(p));
context.put("panelname", getNameFromPanelNo(p));
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
// this is where we handle the xml request
String xml = request.getParameter("xml");
if (xml != null && xml.equals("true")) {
- CMS.debug("WizardServlet: found xml");
-
- response.setContentType("application/xml");
- String xmlstr = xml_flatten(context);
- context.put("xml", xmlstr);
- try {
- return Velocity.getTemplate("admin/console/config/xml.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ CMS.debug("WizardServlet: found xml");
+
+ response.setContentType("application/xml");
+ String xmlstr = xml_flatten(context);
+ context.put("xml", xmlstr);
+ try {
+ return Velocity.getTemplate("admin/console/config/xml.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
} else {
- try {
- return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ try {
+ return Velocity.getTemplate("admin/console/config/wizard.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
}
return null;
}
public Template goBack(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
int p = getPanelNo(request);
CMS.debug("WizardServlet: in back " + p);
IWizardPanel backpanel = getPreviousPanel(p);
if (backpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
backpanel.display(request, response, context);
- context.put("p", Integer.toString(backpanel.getPanelNo()));
+ context.put("p", Integer.toString(backpanel.getPanelNo()));
context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
p = backpanel.getPanelNo();
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
public boolean authenticate(HttpServletRequest request,
HttpServletResponse response,
- Context context ) {
- String pin = (String)request.getSession().getAttribute("pin");
- if (pin == null) {
- try {
- response.sendRedirect("login");
- } catch (IOException e) {
+ Context context) {
+ String pin = (String) request.getSession().getAttribute("pin");
+ if (pin == null) {
+ try {
+ response.sendRedirect("login");
+ } catch (IOException e) {
+ }
+ return false;
}
- return false;
- }
- return true;
+ return true;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
public Template handleRequest(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
CMS.debug("WizardServlet: process");
- if (CMS.debugOn()) {
- outputHttpParameters(request);
+ if (CMS.debugOn()) {
+ outputHttpParameters(request);
}
if (!authenticate(request, response, context)) {
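Review bot: The name filter in `outputHttpParameters` mixes case-sensitive `endsWith` checks with an exact-match `equalsIgnoreCase` list, so a parameter whose name ends in `Password` or `Pwd` with a capital letter and is not on the list has its value written to the debug log. Normalising the name once makes the suffix checks case-insensitive: `String lpn = pn.toLowerCase(Locale.ROOT);` and then `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`, keeping the explicit names the suffixes do not cover (this needs `java.util.Locale` if it is not already imported). `xml_flatten` earlier in the file masks only `bindpwd`, so a shared `isSensitive(name)` helper would keep the two filters in step. `handleRequest` continues past this hunk.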
@@ -484,7 +466,7 @@ public class WizardServlet extends VelocityServlet {
String op = request.getParameter("op"); /* operation */
if (op == null) {
- op = "display";
+ op = "display";
}
CMS.debug("WizardServlet: op=" + op);
CMS.debug("WizardServlet: size=" + mPanels.size());
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
index 0c4dade8..3fdcb024 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
@@ -25,7 +25,7 @@ import com.netscape.certsrv.kra.IJoinShares;
/**
* Use Java's reflection API to leverage CMS's
* old Share and JoinShares implementations.
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
@@ -33,59 +33,54 @@ public class OldJoinShares implements IJoinShares {
public Object mOldImpl = null;
- public OldJoinShares()
- {
+ public OldJoinShares() {
}
- public void initialize(int threshold) throws Exception
- {
- Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
- Class types[] = { int.class };
- Constructor con = c.getConstructor(types);
- Object params[] = {Integer.valueOf(threshold)};
- mOldImpl = con.newInstance(params);
+ public void initialize(int threshold) throws Exception {
+ Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
+ Class types[] = { int.class };
+ Constructor con = c.getConstructor(types);
+ Object params[] = { Integer.valueOf(threshold) };
+ mOldImpl = con.newInstance(params);
}
- public void addShare(int shareNum, byte[] share)
- {
- try {
- Class types[] = { int.class, share.getClass() };
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("addShare", types);
- Object params[] = {Integer.valueOf(shareNum), share};
- method.invoke(mOldImpl, params);
- } catch (Exception e) {
- }
+ public void addShare(int shareNum, byte[] share) {
+ try {
+ Class types[] = { int.class, share.getClass() };
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("addShare", types);
+ Object params[] = { Integer.valueOf(shareNum), share };
+ method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ }
}
- public int getShareCount()
- {
- if (mOldImpl == null)
- return -1;
- try {
- Class types[] = null;
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("getShareCount", types);
- Object params[] = null;
- Integer result = (Integer)method.invoke(mOldImpl, params);
- return result.intValue();
- } catch (Exception e) {
- return -1;
- }
+ public int getShareCount() {
+ if (mOldImpl == null)
+ return -1;
+ try {
+ Class types[] = null;
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("getShareCount", types);
+ Object params[] = null;
+ Integer result = (Integer) method.invoke(mOldImpl, params);
+ return result.intValue();
+ } catch (Exception e) {
+ return -1;
+ }
}
- public byte[] recoverSecret()
- {
- if (mOldImpl == null)
- return null;
- try {
- Class types[] = null;
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("recoverSecret", types);
- Object params[] = null;
- return (byte[])method.invoke(mOldImpl, params);
- } catch (Exception e) {
- return null;
- }
+ public byte[] recoverSecret() {
+ if (mOldImpl == null)
+ return null;
+ try {
+ Class types[] = null;
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("recoverSecret", types);
+ Object params[] = null;
+ return (byte[]) method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ return null;
+ }
}
}
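Review bot: `addShare` swallows every exception in an empty `catch`, and unlike `getShareCount` and `recoverSecret` it has no `mOldImpl == null` guard, so calling it before `initialize` fails with a `NullPointerException` that is silently dropped. The caller cannot tell that a share was not added; the failure surfaces later, if at all, when `recoverSecret` is called. The `IJoinShares` signature is not visible here, so the least invasive change is to add the guard, e.g. `if (mOldImpl == null) throw new IllegalStateException("initialize() not called");`, and to log `e` in the `catch` without logging the share bytes. The field `mOldImpl` would also be better declared `private`.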
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldShare.java b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
index 4e92f76a..a867fcbf 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldShare.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
@@ -25,43 +25,39 @@ import com.netscape.certsrv.kra.IShare;
/**
* Use Java's reflection API to leverage CMS's
* old Share and JoinShares implementations.
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
-public class OldShare implements IShare
-{
+public class OldShare implements IShare {
public Object mOldImpl = null;
- public OldShare()
- {
+ public OldShare() {
}
- public void initialize(byte[] secret, int threshold) throws Exception
- {
- try {
- Class c = Class.forName("com.netscape.cmscore.shares.Share");
- Class types[] = { secret.getClass(), int.class };
- Constructor cs[] = c.getConstructors();
- Constructor con = c.getConstructor(types);
- Object params[] = {secret, Integer.valueOf(threshold)};
- mOldImpl = con.newInstance(params);
- } catch (Exception e) {
- }
+ public void initialize(byte[] secret, int threshold) throws Exception {
+ try {
+ Class c = Class.forName("com.netscape.cmscore.shares.Share");
+ Class types[] = { secret.getClass(), int.class };
+ Constructor cs[] = c.getConstructors();
+ Constructor con = c.getConstructor(types);
+ Object params[] = { secret, Integer.valueOf(threshold) };
+ mOldImpl = con.newInstance(params);
+ } catch (Exception e) {
+ }
}
- public byte[] createShare(int sharenumber)
- {
- if (mOldImpl == null)
- return null;
- try {
- Class types[] = { int.class };
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("createShare", types);
- Object params[] = {Integer.valueOf(sharenumber)};
- return (byte[])method.invoke(mOldImpl, params);
- } catch (Exception e) {
- return null;
- }
+ public byte[] createShare(int sharenumber) {
+ if (mOldImpl == null)
+ return null;
+ try {
+ Class types[] = { int.class };
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("createShare", types);
+ Object params[] = { Integer.valueOf(sharenumber) };
+ return (byte[]) method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ return null;
+ }
}
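Review bot: `initialize` is declared `throws Exception` but wraps its whole body in `try { ... } catch (Exception e) { }`, so a missing `com.netscape.cmscore.shares.Share` class or a failing constructor leaves `mOldImpl` null while the caller sees success. `createShare` then returns `null` for every share number. `OldJoinShares.initialize` in the same commit lets the exception propagate, and I would do the same here by removing the `try`/`catch`. The local `Constructor cs[] = c.getConstructors();` is never used and can be deleted.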
}